From 47a70ca3a3959d081d5e2787aceb939898a67146 Mon Sep 17 00:00:00 2001 
From: Karthikeyan Bhargavan Date: Sat, 18 Jan 2025 12:26:19 +0100 Subject: [PATCH 01/15] ml-kem laxes --- Cargo.toml | 2 +- .../fstar-bitvec/BitVec.Intrinsics.fsti | 88 +- .../fstar-bitvec/Tactics.MachineInts.fst | 12 +- .../Libcrux_intrinsics.Arm64_extract.fst | 2 +- .../Libcrux_intrinsics.Arm64_extract.fsti | 2 +- .../Libcrux_intrinsics.Avx2_extract.fst | 10 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 10 +- libcrux-intrinsics/src/avx2_extract.rs | 4 +- libcrux-ml-dsa/Cargo.toml | 2 +- libcrux-ml-kem/Cargo.toml | 2 +- .../Libcrux_ml_kem.Constant_time_ops.fst | 70 +- .../Libcrux_ml_kem.Constant_time_ops.fsti | 31 +- .../extraction/Libcrux_ml_kem.Constants.fsti | 16 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fst | 16 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 16 +- .../Libcrux_ml_kem.Hash_functions.Neon.fst | 16 +- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 16 +- ...Libcrux_ml_kem.Hash_functions.Portable.fst | 16 +- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 16 +- .../Libcrux_ml_kem.Hash_functions.fsti | 35 +- ...m.Ind_cca.Instantiations.Avx2.Unpacked.fst | 8 +- ....Ind_cca.Instantiations.Avx2.Unpacked.fsti | 18 +- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 8 +- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 18 +- ...m.Ind_cca.Instantiations.Neon.Unpacked.fst | 4 +- ....Ind_cca.Instantiations.Neon.Unpacked.fsti | 9 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 4 +- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 9 +- ...d_cca.Instantiations.Portable.Unpacked.fst | 4 +- ..._cca.Instantiations.Portable.Unpacked.fsti | 9 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 4 +- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 9 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 4 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 9 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 56 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 17 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 54 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 15 +- 
.../Libcrux_ml_kem.Ind_cpa.Unpacked.fst | 2 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 95 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 18 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 50 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 34 +- .../extraction/Libcrux_ml_kem.Matrix.fsti | 2 +- ...Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 145 +-- ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 60 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 24 +- ...Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 145 +-- ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 60 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 24 +- ...rux_ml_kem.Mlkem1024.Portable.Unpacked.fst | 145 +-- ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 60 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 24 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fst | 24 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fsti | 8 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 60 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 57 +- .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst | 144 +-- ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 60 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 24 +- .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst | 144 +-- ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 60 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 24 +- ...crux_ml_kem.Mlkem512.Portable.Unpacked.fst | 145 +-- ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 60 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 24 +- .../Libcrux_ml_kem.Mlkem512.Rand.fst | 26 +- .../Libcrux_ml_kem.Mlkem512.Rand.fsti | 8 +- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 60 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 57 +- 
.../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst | 157 +-- ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 70 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 60 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 24 +- .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst | 157 +-- ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 70 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 60 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 24 +- ...crux_ml_kem.Mlkem768.Portable.Unpacked.fst | 157 +-- ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 70 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 60 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 24 +- .../Libcrux_ml_kem.Mlkem768.Rand.fst | 24 +- .../Libcrux_ml_kem.Mlkem768.Rand.fsti | 8 +- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 60 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 57 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 93 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 4 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 55 +- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 43 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 227 ++-- .../extraction/Libcrux_ml_kem.Sampling.fsti | 16 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 166 +-- .../extraction/Libcrux_ml_kem.Serialize.fsti | 25 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 6 +- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 48 +- .../extraction/Libcrux_ml_kem.Utils.fsti | 13 +- .../extraction/Libcrux_ml_kem.Variant.fst | 30 +- .../extraction/Libcrux_ml_kem.Variant.fsti | 18 +- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 95 +- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 11 +- .../Libcrux_ml_kem.Vector.Avx2.Compress.fst | 47 +- .../Libcrux_ml_kem.Vector.Avx2.Compress.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 72 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 23 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fsti | 4 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 363 +++--- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti 
| 24 +- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 50 +- .../Libcrux_ml_kem.Vector.Avx2.fsti | 33 +- .../Libcrux_ml_kem.Vector.Neon.Arithmetic.fst | 12 +- ...Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti | 2 +- .../Libcrux_ml_kem.Vector.Neon.Compress.fst | 43 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 17 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 236 ++-- .../Libcrux_ml_kem.Vector.Neon.Serialize.fsti | 12 +- ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 32 +- ...ibcrux_ml_kem.Vector.Neon.Vector_type.fsti | 6 +- .../extraction/Libcrux_ml_kem.Vector.Neon.fst | 66 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 38 +- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 15 +- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 26 +- ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 17 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 140 +-- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 30 +- ...bcrux_ml_kem.Vector.Portable.Sampling.fsti | 4 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 485 ++++---- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 44 +- ...rux_ml_kem.Vector.Portable.Vector_type.fst | 10 +- ...ux_ml_kem.Vector.Portable.Vector_type.fsti | 10 +- .../Libcrux_ml_kem.Vector.Portable.fst | 55 +- .../Libcrux_ml_kem.Vector.Portable.fsti | 32 +- ...ibcrux_ml_kem.Vector.Rej_sample_table.fsti | 1038 +++++++++-------- .../Libcrux_ml_kem.Vector.Traits.fst | 12 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 73 +- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 4 +- .../proofs/fstar/spec/Spec.MLKEM.fst | 10 +- .../proofs/fstar/spec/Spec.Utils.fst | 65 +- libcrux-ml-kem/src/constant_time_ops.rs | 70 +- libcrux-ml-kem/src/ntt.rs | 4 +- libcrux-ml-kem/src/sampling.rs | 22 +- libcrux-ml-kem/src/serialize.rs | 6 +- libcrux-ml-kem/src/utils.rs | 6 +- libcrux-ml-kem/src/vector/avx2.rs | 10 +- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 70 +- libcrux-ml-kem/src/vector/avx2/compress.rs | 2 +- libcrux-ml-kem/src/vector/avx2/serialize.rs | 2 +- 
libcrux-ml-kem/src/vector/neon.rs | 2 +- libcrux-ml-kem/src/vector/neon/vector_type.rs | 2 +- libcrux-ml-kem/src/vector/portable.rs | 6 +- .../src/vector/portable/arithmetic.rs | 12 +- .../src/vector/portable/vector_type.rs | 2 +- libcrux-ml-kem/src/vector/traits.rs | 16 +- .../extraction/Libcrux_platform.Platform.fst | 2 +- .../extraction/Libcrux_platform.Platform.fsti | 2 +- 163 files changed, 4373 insertions(+), 3849 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index bc214d207..cf271bddd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -87,7 +87,7 @@ log = { version = "0.4", optional = true }
 # WASM API
 wasm-bindgen = { version = "0.2.87", optional = true }
 getrandom = { version = "0.2", features = ["js"], optional = true }
-hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" }
+hax-lib = { git = "https://github.com/hacspec/hax/", branch = "transparent-integers" }
 
 [dev-dependencies]
 libcrux = { path = ".", features = ["rand", "tests"] }
diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti
index a101013a6..c679996a9 100644
--- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti
+++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti
@@ -22,7 +22,7 @@ let mm256_srli_epi64 (shift: i32 {v shift >= 0 /\ v shift <= 64}) (vec: bit_vec
 let mm256_castsi256_si128 (vec: bit_vec 256): bit_vec 128
 = mk_bv (fun i -> vec i)
 
-let mm256_extracti128_si256 (control: i32{control == 1l}) (vec: bit_vec 256): bit_vec 128
+let mm256_extracti128_si256 (control: i32{control == mk_i32 1}) (vec: bit_vec 256): bit_vec 128
 = mk_bv (fun i -> vec (i + 128))
 
 let mm256_si256_from_two_si128 (lower upper: bit_vec 128): bit_vec 256
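Review bot: The new `hax-lib` line in the Cargo.toml hunk drops the `version` and pins only `branch = "transparent-integers"` with no `rev`, so the proof tooling now tracks a mutable branch head: any later push to that branch changes what is extracted and verified without a corresponding change in this repository, and the build is no longer reproducible from the manifest alone. The same change appears in the libcrux-ml-dsa/Cargo.toml and libcrux-ml-kem/Cargo.toml hunks. No Cargo.lock change is listed in the diffstat, so either the lockfile is not committed or it is left stale relative to this new source; worth confirming. If the branch dependency is deliberate while the hax change is in flight, pin the commit as well, e.g. `hax-lib = { git = "https://github.com/hacspec/hax/", branch = "transparent-integers", rev = "<hax-commit-sha placeholder>" }`, and note in the description when it is expected to return to a released version.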
@@ -86,7 +86,7 @@ let mm256_and_si256 (x y: bit_vec 256): bit_vec 256 = mk_bv (fun i -> if y i = 0 then 0 else x i) let mm256_set1_epi16 (constant: i16) - (#[Tactics.exact (match unify_app (quote constant) (quote (fun n -> ((1s < (((mk_i16 1) < `(mm256_set1_epi16_pow2_minus_one (`#x)) | _ -> (quote (mm256_set1_epi16_no_semantics constant)) )]result: bit_vec 256) @@ -173,26 +173,26 @@ open FStar.Tactics.V2 let mm256_mullo_epi16 (a count: bit_vec 256) (#[( - if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 (1s < unquote x = 1s + if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 ((mk_i16 1) < unquote x = (mk_i16 1) | _ -> false then Tactics.exact (quote (mm256_mullo_epi16_specialized1 a)) - else if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 (1s < unquote x = 1s + else if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 ((mk_i16 1) < unquote x = (mk_i16 1) | _ -> false then Tactics.exact (quote (mm256_mullo_epi16_specialized2 a)) else - if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 (1s < unquote x = 1s + if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 ((mk_i16 1) < unquote x = (mk_i16 1) | _ -> false then Tactics.exact (quote (mm256_mullo_epi16_specialized3 a)) else @@ -201,22 +201,22 @@ let mm256_mullo_epi16 let madd_rhs (n: nat {n < 16}) = mm256_set_epi16 - (1s < bit_vec 256 -> bit_vec 256 
@@ -273,8 +273,8 @@ let mm_shuffle_epi8 let t = match unify_app (quote y) (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 -> mm_set_epi8 - (UInt8.uint_to_t x0 ) (UInt8.uint_to_t x1 ) (UInt8.uint_to_t x2 ) (UInt8.uint_to_t x3 ) (UInt8.uint_to_t x4 ) (UInt8.uint_to_t x5 ) (UInt8.uint_to_t x6 ) (UInt8.uint_to_t x7 ) - (UInt8.uint_to_t x8 ) (UInt8.uint_to_t x9 ) (UInt8.uint_to_t x10) (UInt8.uint_to_t x11) (UInt8.uint_to_t x12) (UInt8.uint_to_t x13) (UInt8.uint_to_t x14) (UInt8.uint_to_t x15))) [] with + (mk_u8 x0 ) (mk_u8 x1 ) (mk_u8 x2 ) (mk_u8 x3 ) (mk_u8 x4 ) (mk_u8 x5 ) (mk_u8 x6 ) (mk_u8 x7 ) + (mk_u8 x8 ) (mk_u8 x9 ) (mk_u8 x10) (mk_u8 x11) (mk_u8 x12) (mk_u8 x13) (mk_u8 x14) (mk_u8 x15))) [] with | Some [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15] -> `(mm_shuffle_epi8_u8 (`@x) (mk_list_16 
@@ -301,10 +301,10 @@ let mm256_shuffle_epi8 let t = match unify_app (quote y) (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31 -> mm256_set_epi8 - (Int8.int_to_t x0 ) (Int8.int_to_t x1 ) (Int8.int_to_t x2 ) (Int8.int_to_t x3 ) (Int8.int_to_t x4 ) (Int8.int_to_t x5 ) (Int8.int_to_t x6 ) (Int8.int_to_t x7 ) - (Int8.int_to_t x8 ) (Int8.int_to_t x9 ) (Int8.int_to_t x10) (Int8.int_to_t x11) (Int8.int_to_t x12) (Int8.int_to_t x13) (Int8.int_to_t x14) (Int8.int_to_t x15) - (Int8.int_to_t x16) (Int8.int_to_t x17) (Int8.int_to_t x18) (Int8.int_to_t x19) (Int8.int_to_t x20) (Int8.int_to_t x21) (Int8.int_to_t x22) (Int8.int_to_t x23) - (Int8.int_to_t x24) (Int8.int_to_t x25) (Int8.int_to_t x26) (Int8.int_to_t x27) (Int8.int_to_t x28) (Int8.int_to_t x29) (Int8.int_to_t x30) (Int8.int_to_t x31))) [] with + (mk_i8 x0 ) (mk_i8 x1 ) (mk_i8 x2 ) (mk_i8 x3 ) (mk_i8 x4 ) (mk_i8 x5 ) (mk_i8 x6 ) (mk_i8 x7 ) + (mk_i8 x8 ) (mk_i8 x9 ) (mk_i8 x10) (mk_i8 x11) (mk_i8 x12) (mk_i8 x13) (mk_i8 x14) (mk_i8 x15) + (mk_i8 x16) (mk_i8 x17) (mk_i8 x18) (mk_i8 x19) (mk_i8 x20) (mk_i8 x21) (mk_i8 x22) (mk_i8 x23) + (mk_i8 x24) (mk_i8 x25) (mk_i8 x26) (mk_i8 x27) (mk_i8 x28) (mk_i8 x29) (mk_i8 x30) (mk_i8 x31))) [] with | Some [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31] -> `(mm256_shuffle_epi8_i8 (`@x) (mk_list_32 
@@ -331,8 +331,8 @@ let mm256_permutevar8x32_epi32 let t = match unify_app (quote y) (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 -> mm256_set_epi32 - (Int32.int_to_t x0) (Int32.int_to_t x1) (Int32.int_to_t x2) (Int32.int_to_t x3) - (Int32.int_to_t x4) (Int32.int_to_t x5) (Int32.int_to_t x6) (Int32.int_to_t x7))) [] with + (mk_i32 x0) (mk_i32 x1) (mk_i32 x2) (mk_i32 x3) + (mk_i32 x4) (mk_i32 x5) (mk_i32 x6) (mk_i32 x7))) [] with | Some [x0;x1;x2;x3;x4;x5;x6;x7] -> `(mm256_permutevar8x32_epi32_i32 (`@x) (mk_list_8 (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ))) @@ -354,8 +354,8 @@ let mm256_sllv_epi32 let t = match unify_app (quote y) (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 -> mm256_set_epi32 - (Int32.int_to_t x0) (Int32.int_to_t x1) (Int32.int_to_t x2) (Int32.int_to_t x3) - (Int32.int_to_t x4) (Int32.int_to_t x5) (Int32.int_to_t x6) (Int32.int_to_t x7))) [] with + (mk_i32 x0) (mk_i32 x1) (mk_i32 x2) (mk_i32 x3) + (mk_i32 x4) (mk_i32 x5) (mk_i32 x6) (mk_i32 x7))) [] with | Some [x0;x1;x2;x3;x4;x5;x6;x7] -> `(mm256_sllv_epi32_i32 (`@x) (mk_list_8 (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ))) @@ -421,5 +421,5 @@ let tassert (x: bool): Tac unit private let example: bit_vec 256 = mk_bv (fun i -> if i % 16 = 15 then 1 else 0) private let x = bv_to_string example -private let y = bv_to_string (mm256_srli_epi16 15l example) +private let y = bv_to_string (mm256_srli_epi16 (mk_i32 15) example) diff --git a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst index 85bb0bb78..4cdeeb1a5 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst 
@@ -197,7 +197,8 @@ let norm_machine_int_term = combine flatten_machine_int_term (change_native_mach let norm_generic_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term false) /// Unfolds `mk_int` using `mk_int_equiv_lemma` -let norm_mk_int () = +let norm_mk_int () = Some () // Should now be a noop +(* let?# (lhs, _) = expect_lhs_eq_uvar () in let lhs' = term_to_machine_int_term lhs in match?# lhs' with @@ -210,6 +211,7 @@ let norm_mk_int () = ); Some () | _ -> None +*) /// Lemmas to deal with the special case of usize let rw_v_mk_int_usize x @@ -259,15 +261,15 @@ let transform (f: machine_int_term -> option machine_int_term): Tac unit open Rust_primitives.Integers let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) by (transform norm_machine_int_term; trefl ()) -let _ = assert (mk_int #u8_inttype 3 == 3uy) +let _ = assert (mk_int #u8_inttype 3 == mk_u8 3) by (transform norm_machine_int_term; trefl ()) -let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) +let _ = fun x -> assert (mk_int #u8_inttype x == mk_u8 x) by (transform norm_machine_int_term) let _ = assert (v (mk_int #usize_inttype 3) == 3) by (transform norm_machine_int_term; trefl ()) let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) by (transform norm_machine_int_term; trefl ()) -let _ = assert (mk_int #u8_inttype 3 == 3uy) +let _ = assert (mk_int #u8_inttype 3 == mk_u8 3) by (transform norm_generic_machine_int_term; trefl ()) -let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) +let _ = fun x -> assert (mk_int #u8_inttype x == mk_u8 x) by (transform norm_generic_machine_int_term; trefl ()) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst index e23020d49..4110ce845 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst 
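Review bot: `let norm_mk_int () = Some () // Should now be a noop` replaces a tactic that returned `None` when the goal was not of the `lhs == ?uvar` shape with one that reports success on every goal, and the old body is left behind inside a `(* ... *)` block that spans this hunk and the one at `@@ -210`. If any caller distinguishes `Some` from `None` to decide whether a rewrite made progress, that distinction is now lost; the callers are outside the hunk, so this is inferred rather than certain. The commented-out body should be deleted outright (it is in version control) and the hedged `// Should now be a noop` replaced with a comment that states the reason, e.g. `// No-op: with the hax `transparent-integers` integers, `mk_int` needs no unfolding here.`. The doc comment above it, `/// Unfolds `mk_int` using `mk_int_equiv_lemma``, now describes behavior the function no longer has and should be updated in the same way.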
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti index d4014e6a8..a03c287ec 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index 5cf54bf43..03cb96f3e 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul @@ -164,7 +164,8 @@ val mm256_mulhi_epi16': lhs: t_Vec256 -> rhs: t_Vec256 fun result -> let result:t_Vec256 = result in vec256_as_i16x16 result == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> + cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) 
@@ -254,7 +255,7 @@ let mm256_slli_epi64 (v_LEFT: i32) = mm256_slli_epi64' v_LEFT assume val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:t_Vec256 = result in @@ -385,7 +386,8 @@ val mm_mulhi_epi16': lhs: t_Vec128 -> rhs: t_Vec128 fun result -> let result:t_Vec128 = result in vec128_as_i16x8 result == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> + cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 4b6ebb714..8d53cea4a 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul @@ -88,7 +88,8 @@ val mm256_mulhi_epi16 (lhs rhs: t_Vec256) fun result -> let result:t_Vec256 = result in vec256_as_i16x16 result == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> + cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) @@ -138,7 +139,7 @@ include BitVec.Intrinsics {mm256_sllv_epi32} val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:t_Vec256 = result in 
@@ -216,7 +217,8 @@ val mm_mulhi_epi16 (lhs rhs: t_Vec128) fun result -> let result:t_Vec128 = result in vec128_as_i16x8 result == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> + cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index db36e70c1..e650680ac 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -352,7 +352,7 @@ pub fn mm256_movemask_ps(a: Vec256Float) -> i32 { } #[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() @@ -363,7 +363,7 @@ pub fn mm256_mullo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_mulhi_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml index acbf462d5..caf9027c2 100644 --- a/libcrux-ml-dsa/Cargo.toml +++ b/libcrux-ml-dsa/Cargo.toml 
@@ -20,7 +20,7 @@ libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" } libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" } libcrux-macros = { version = "0.0.2-beta.2", path = "../macros" } -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" } +hax-lib = { git = "https://github.com/hacspec/hax/", branch = "transparent-integers" } [dev-dependencies] rand = { version = "0.8" } diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index f35410e77..fffebd142 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -26,7 +26,7 @@ rand = { version = "0.8", optional = true } libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" } -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" } +hax-lib = { git = "https://github.com/hacspec/hax/", branch = "transparent-integers" } [features] # By default all variants and std are enabled. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 184d21930..705834a23 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst 
@@ -7,24 +7,28 @@ let inz (value: u8) = let v__orig_value:u8 = value in let value:u16 = cast (value <: u8) <: u16 in let result:u8 = - cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) <: u8 + cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! mk_i32 8 <: u16) + <: + u8 in - let res:u8 = result &. 1uy in + let res:u8 = result &. mk_u8 1 in let _:Prims.unit = if v v__orig_value = 0 then (assert (value == zero); lognot_lemma value; - assert ((~.value +. 1us) == zero); - assert ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) == zero); + assert ((~.value +. (mk_u16 1)) == zero); + assert ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) == zero); logor_lemma value zero; - assert ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) == + assert ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) + <: + u16) == value); - assert (v result == v ((value >>! 8l))); + assert (v result == v ((value >>! (mk_i32 8)))); assert ((v value / pow2 8) == 0); - assert (result == 0uy); - logand_lemma 1uy result; - assert (res == 0uy)) + assert (result == (mk_u8 0)); + logand_lemma (mk_u8 1) result; + assert (res == (mk_u8 0))) else (assert (v value <> 0); lognot_lemma value; 
@@ -34,33 +38,36 @@ let inz (value: u8) = assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value)); assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value)); assert ((v (~.value) + 1) / pow2 8 = (pow2 8 - 1)); - assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l) = + assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! + (mk_i32 8)) = pow2 8 - 1); assert (result = ones); - logand_lemma 1uy result; - assert (res = 1uy)) + logand_lemma (mk_u8 1) result; + assert (res = (mk_u8 1))) in res let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = - let (r: u8):u8 = 0uy in + let (r: u8):u8 = mk_u8 0 in let r:u8 = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #u8 lhs <: usize) (fun r i -> let r:u8 = r in let i:usize = i in v i <= Seq.length lhs /\ - (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) then r == 0uy else ~(r == 0uy))) + (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) + then r == (mk_u8 0) + else ~(r == (mk_u8 0)))) r (fun r i -> let r:u8 = r in let i:usize = i in let nr:u8 = r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) in let _:Prims.unit = - if r =. 0uy + if r =. (mk_u8 0) then (if (Seq.index lhs (v i) = Seq.index rhs (v i)) then 
@@ -103,36 +110,36 @@ let compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) = #push-options "--ifuel 0 --z3rlimit 50" let select_ct (lhs rhs: t_Slice u8) (selector: u8) = - let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in + let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) (mk_u8 1) in let _:Prims.unit = - assert (if selector = 0uy then mask = ones else mask = zero); + assert (if selector = (mk_u8 0) then mask = ones else mask = zero); lognot_lemma mask; - assert (if selector = 0uy then ~.mask = zero else ~.mask = ones) + assert (if selector = (mk_u8 0) then ~.mask = zero else ~.mask = ones) in - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let out:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE (fun out i -> - let out:t_Array u8 (sz 32) = out in + let out:t_Array u8 (mk_usize 32) = out in let i:usize = i in v i <= v Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE /\ (forall j. j < v i ==> - (if (selector =. 0uy) + (if (selector =. (mk_u8 0)) then Seq.index out j == Seq.index lhs j else Seq.index out j == Seq.index rhs j)) /\ - (forall j. j >= v i ==> Seq.index out j == 0uy)) + (forall j. j >= v i ==> Seq.index out j == (mk_u8 0))) out (fun out i -> - let out:t_Array u8 (sz 32) = out in + let out:t_Array u8 (mk_usize 32) = out in let i:usize = i in - let _:Prims.unit = assert ((out.[ i ] <: u8) = 0uy) in + let _:Prims.unit = assert ((out.[ i ] <: u8) = (mk_u8 0)) in let outi:u8 = ((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) in let _:Prims.unit = - if (selector = 0uy) + if (selector = (mk_u8 0)) then (logand_lemma (lhs.[ i ] <: u8) mask; assert (((lhs.[ i ] <: u8) &. 
mask <: u8) == (lhs.[ i ] <: u8)); @@ -176,18 +183,19 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = (rhs.[ i ] <: u8)); assert (outi = (rhs.[ i ] <: u8))) in - let out:t_Array u8 (sz 32) = + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i outi in out) in - let _:Prims.unit = if (selector =. 0uy) then (eq_intro out lhs) else (eq_intro out rhs) in + let _:Prims.unit = if (selector =. (mk_u8 0)) then (eq_intro out lhs) else (eq_intro out rhs) in out #pop-options let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = - Core.Hint.black_box #(t_Array u8 (sz 32)) (select_ct lhs rhs selector <: t_Array u8 (sz 32)) + Core.Hint.black_box #(t_Array u8 (mk_usize 32)) + (select_ct lhs rhs selector <: t_Array u8 (mk_usize 32)) let compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) = let selector:u8 = compare_ciphertexts_in_constant_time lhs_c rhs_c in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 981aa5aa1..e01a1b7c8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -10,7 +10,8 @@ val inz (value: u8) (ensures fun result -> let result:u8 = result in - (value == 0uy ==> result == 0uy) /\ (value =!= 0uy ==> result == 1uy)) + (value == (mk_u8 0) ==> result == (mk_u8 0)) /\ + (value =!= (mk_u8 0) ==> result == (mk_u8 1))) val is_non_zero (value: u8) : Prims.Pure u8 
@@ -18,7 +19,8 @@ val is_non_zero (value: u8) (ensures fun result -> let result:u8 = result in - (value == 0uy ==> result == 0uy) /\ (value =!= 0uy ==> result == 1uy)) + (value == (mk_u8 0) ==> result == (mk_u8 0)) /\ + (value =!= (mk_u8 0) ==> result == (mk_u8 1))) /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. @@ -28,7 +30,7 @@ val compare (lhs rhs: t_Slice u8) (ensures fun result -> let result:u8 = result in - (lhs == rhs ==> result == 0uy) /\ (lhs =!= rhs ==> result == 1uy)) + (lhs == rhs ==> result == (mk_u8 0)) /\ (lhs =!= rhs ==> result == (mk_u8 1))) val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) : Prims.Pure u8 
@@ -36,38 +38,39 @@ val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) (ensures fun result -> let result:u8 = result in - (lhs == rhs ==> result == 0uy) /\ (lhs =!= rhs ==> result == 1uy)) + (lhs == rhs ==> result == (mk_u8 0)) /\ (lhs =!= rhs ==> result == (mk_u8 1))) /// If `selector` is not zero, return the bytes in `rhs`; return the bytes in /// `lhs` otherwise. val select_ct (lhs rhs: t_Slice u8) (selector: u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in - (selector == 0uy ==> result == lhs) /\ (selector =!= 0uy ==> result == rhs)) + let result:t_Array u8 (mk_usize 32) = result in + (selector == (mk_u8 0) ==> result == lhs) /\ (selector =!= (mk_u8 0) ==> result == rhs)) val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in - (selector == 0uy ==> result == lhs) /\ (selector =!= 0uy ==> result == rhs)) + let result:t_Array u8 (mk_usize 32) = result in + (selector == (mk_u8 0) ==> result == lhs) /\ (selector =!= (mk_u8 0) ==> result == rhs)) val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires (Core.Slice.impl__len #u8 lhs_c <: usize) =. (Core.Slice.impl__len #u8 rhs_c <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. 
(Core.Slice.impl__len #u8 rhs_s <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in - let selector = if lhs_c =. rhs_c then 0uy else 1uy in - ((selector == 0uy ==> result == lhs_s) /\ (selector =!= 0uy ==> result == rhs_s))) + let result:t_Array u8 (mk_usize 32) = result in + let selector = if lhs_c =. rhs_c then (mk_u8 0) else (mk_u8 1) in + ((selector == (mk_u8 0) ==> result == lhs_s) /\ + (selector =!= (mk_u8 0) ==> result == rhs_s))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 1c3fdf673..191714204 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti 
@@ -4,24 +4,24 @@ open Core open FStar.Mul /// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent -let v_BITS_PER_COEFFICIENT: usize = sz 12 +let v_BITS_PER_COEFFICIENT: usize = mk_usize 12 /// Coefficients per ring element -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = mk_usize 256 /// Bits required per (uncompressed) ring element -let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 +let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! mk_usize 12 /// Bytes required per (uncompressed) ring element -let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! sz 8 +let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! mk_usize 8 -let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 +let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = mk_usize 32 /// SHA3 512 digest size -let v_G_DIGEST_SIZE: usize = sz 64 +let v_G_DIGEST_SIZE: usize = mk_usize 64 /// SHA3 256 digest size -let v_H_DIGEST_SIZE: usize = sz 32 +let v_H_DIGEST_SIZE: usize = mk_usize 32 /// The size of an ML-KEM shared secret. -let v_SHARED_SECRET_SIZE: usize = sz 32 +let v_SHARED_SECRET_SIZE: usize = mk_usize 32 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst index e5d447350..b362e6d7c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst 
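Review bot: `let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! mk_usize 12` repeats the literal 12 that `v_BITS_PER_COEFFICIENT` is defined as two declarations above, so the explanation "floor(log_2(FIELD_MODULUS)) + 1 = 12 bits" is attached to only one of the two places the value lives. Writing it as `let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! v_BITS_PER_COEFFICIENT` keeps a single source of truth for the coefficient width. As this is extracted F*, the change belongs in the Rust constants this file is generated from rather than in the extraction output.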
@@ -16,22 +16,22 @@ let impl (v_K: usize) = impl' v_K assume val v_G': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) let v_G = v_G' assume val v_H': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) let v_H = v_H' @@ -48,7 +48,7 @@ val v_PRF': v_LEN: usize -> input: t_Slice u8 let v_PRF (v_LEN: usize) = v_PRF' v_LEN assume -val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K +val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures @@ -59,14 +59,14 @@ val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) let v_PRFxN (v_K v_LEN: usize) = v_PRFxN' v_K v_LEN assume -val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (sz 34)) v_K +val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure t_Simd256Hash Prims.l_True (fun _ -> Prims.l_True) let shake128_init_absorb_final (v_K: usize) = shake128_init_absorb_final' v_K assume val shake128_squeeze_first_three_blocks': v_K: usize -> st: t_Simd256Hash - -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) 
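Review bot: The array widths `mk_usize 504` and `mk_usize 168` in shake128_squeeze_first_three_blocks' and shake128_squeeze_next_block' are the SHA3 block sizes that Libcrux_ml_kem.Hash_functions.fsti defines as `v_THREE_BLOCKS` and `v_BLOCK_SIZE` later in this patch, and the mechanical sz-to-mk_usize rewrite carries the bare literals along instead of those names. The same duplication appears in the matching hunks of Hash_functions.Neon.fst, Hash_functions.Portable.fst, the three .fsti counterparts, and the t_Hash class in Hash_functions.fsti. Since these files appear to be hax output, the fix would be in the Rust signatures they are extracted from, assuming the extraction preserves named constants in array types. Separately, shake128_init_absorb_final' and both squeeze functions carry only `(fun _ -> Prims.l_True)` postconditions while v_G', v_H' and v_PRF' are tied to Spec.Utils, so nothing here connects the XOF output to a specification; a comment stating that this is intentional would help a reader of the assumed interface.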
@@ -74,7 +74,7 @@ let shake128_squeeze_first_three_blocks (v_K: usize) = shake128_squeeze_first_th assume val shake128_squeeze_next_block': v_K: usize -> st: t_Simd256Hash - -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index c830bb8f6..3b4560ac7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -12,19 +12,19 @@ val t_Simd256Hash:eqtype val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K val v_G (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) val v_H (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) @@ -35,7 +35,7 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8) let result:t_Array u8 v_LEN = result in result == Spec.Utils.v_PRF v_LEN input) -val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) +val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (mk_usize 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures 
@@ -43,15 +43,15 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) let result:t_Array (t_Array u8 v_LEN) v_K = result in result == Spec.Utils.v_PRFxN v_K v_LEN input) -val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure t_Simd256Hash Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_Simd256Hash) - : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) + : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_next_block (v_K: usize) (st: t_Simd256Hash) - : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) + : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst index 8c2d78e3f..507c01c0c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst @@ -16,22 +16,22 @@ let impl (v_K: usize) = impl' v_K assume val v_G': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) let v_G = v_G' assume val v_H': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) let v_H = v_H' 
@@ -48,7 +48,7 @@ val v_PRF': v_LEN: usize -> input: t_Slice u8 let v_PRF (v_LEN: usize) = v_PRF' v_LEN assume -val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K +val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures @@ -59,14 +59,14 @@ val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) let v_PRFxN (v_K v_LEN: usize) = v_PRFxN' v_K v_LEN assume -val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (sz 34)) v_K +val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure t_Simd128Hash Prims.l_True (fun _ -> Prims.l_True) let shake128_init_absorb_final (v_K: usize) = shake128_init_absorb_final' v_K assume val shake128_squeeze_first_three_blocks': v_K: usize -> st: t_Simd128Hash - -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -74,7 +74,7 @@ let shake128_squeeze_first_three_blocks (v_K: usize) = shake128_squeeze_first_th assume val shake128_squeeze_next_block': v_K: usize -> st: t_Simd128Hash - -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index 1a7c6875a..c01868ca2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti 
@@ -12,19 +12,19 @@ val t_Simd128Hash:eqtype val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K val v_G (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) val v_H (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) @@ -35,7 +35,7 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8) let result:t_Array u8 v_LEN = result in result == Spec.Utils.v_PRF v_LEN input) -val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) +val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (mk_usize 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures 
@@ -43,15 +43,15 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) let result:t_Array (t_Array u8 v_LEN) v_K = result in result == Spec.Utils.v_PRFxN v_K v_LEN input) -val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure t_Simd128Hash Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_Simd128Hash) - : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) + : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_next_block (v_K: usize) (st: t_Simd128Hash) - : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) + : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst index 7ed902f04..5dca402b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst @@ -16,22 +16,22 @@ let impl (v_K: usize) = impl' v_K assume val v_G': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) let v_G = v_G' assume val v_H': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) let v_H = v_H' 
@@ -48,7 +48,7 @@ val v_PRF': v_LEN: usize -> input: t_Slice u8 let v_PRF (v_LEN: usize) = v_PRF' v_LEN assume -val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K +val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures @@ -59,14 +59,14 @@ val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) let v_PRFxN (v_K v_LEN: usize) = v_PRFxN' v_K v_LEN assume -val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (sz 34)) v_K +val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure (t_PortableHash v_K) Prims.l_True (fun _ -> Prims.l_True) let shake128_init_absorb_final (v_K: usize) = shake128_init_absorb_final' v_K assume val shake128_squeeze_first_three_blocks': v_K: usize -> st: t_PortableHash v_K - -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -74,7 +74,7 @@ let shake128_squeeze_first_three_blocks (v_K: usize) = shake128_squeeze_first_th assume val shake128_squeeze_next_block': v_K: usize -> st: t_PortableHash v_K - -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index 661213d58..189d1d26d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti 
@@ -12,19 +12,19 @@ val t_PortableHash (v_K: usize) : eqtype val impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K) v_K val v_G (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) val v_H (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) @@ -35,7 +35,7 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8) let result:t_Array u8 v_LEN = result in result == Spec.Utils.v_PRF v_LEN input) -val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) +val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (mk_usize 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures 
@@ -43,15 +43,15 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) let result:t_Array (t_Array u8 v_LEN) v_K = result in result == Spec.Utils.v_PRFxN v_K v_LEN input) -val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure (t_PortableHash v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_PortableHash v_K) - : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) + : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_next_block (v_K: usize) (st: t_PortableHash v_K) - : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) + : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index cef2d8613..f2ec96f20 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -4,10 +4,10 @@ open Core open FStar.Mul /// The SHA3 block size. -let v_BLOCK_SIZE: usize = sz 168 +let v_BLOCK_SIZE: usize = mk_usize 168 /// The size of 3 SHA3 blocks. -let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! sz 3 +let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! mk_usize 3 /// Abstraction for the hashing, to pick the fastest version depending on the /// platform features available. 
@@ -17,53 +17,56 @@ let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! sz 3 /// - Portable class t_Hash (v_Self: Type0) (v_K: usize) = { f_G_pre:input: t_Slice u8 -> pred: Type0{true ==> pred}; - f_G_post:input: t_Slice u8 -> result: t_Array u8 (sz 64) + f_G_post:input: t_Slice u8 -> result: t_Array u8 (mk_usize 64) -> pred: Type0{pred ==> result == Spec.Utils.v_G input}; f_G:x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); + -> Prims.Pure (t_Array u8 (mk_usize 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); f_H_pre:input: t_Slice u8 -> pred: Type0{true ==> pred}; - f_H_post:input: t_Slice u8 -> result: t_Array u8 (sz 32) + f_H_post:input: t_Slice u8 -> result: t_Array u8 (mk_usize 32) -> pred: Type0{pred ==> result == Spec.Utils.v_H input}; f_H:x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); + -> Prims.Pure (t_Array u8 (mk_usize 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); f_PRF_pre:v_LEN: usize -> input: t_Slice u8 -> pred: Type0{v v_LEN < pow2 32 ==> pred}; f_PRF_post:v_LEN: usize -> input: t_Slice u8 -> result: t_Array u8 v_LEN -> pred: Type0{pred ==> v v_LEN < pow2 32 ==> result == Spec.Utils.v_PRF v_LEN input}; f_PRF:v_LEN: usize -> x0: t_Slice u8 -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result); - f_PRFxN_pre:v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K + f_PRFxN_pre:v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> pred: Type0{v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4) ==> pred}; f_PRFxN_post: v_LEN: usize -> - input: t_Array (t_Array u8 (sz 33)) v_K -> + input: t_Array (t_Array u8 (mk_usize 33)) v_K -> result: t_Array (t_Array u8 v_LEN) v_K -> pred: Type0 { pred ==> (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==> result == Spec.Utils.v_PRFxN v_K v_LEN input }; - f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (sz 33)) v_K + 
f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (f_PRFxN_pre v_LEN x0) (fun result -> f_PRFxN_post v_LEN x0 result); - f_shake128_init_absorb_final_pre:input: t_Array (t_Array u8 (sz 34)) v_K + f_shake128_init_absorb_final_pre:input: t_Array (t_Array u8 (mk_usize 34)) v_K -> pred: Type0{true ==> pred}; - f_shake128_init_absorb_final_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> Type0; - f_shake128_init_absorb_final:x0: t_Array (t_Array u8 (sz 34)) v_K + f_shake128_init_absorb_final_post:t_Array (t_Array u8 (mk_usize 34)) v_K -> v_Self -> Type0; + f_shake128_init_absorb_final:x0: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure v_Self (f_shake128_init_absorb_final_pre x0) (fun result -> f_shake128_init_absorb_final_post x0 result); f_shake128_squeeze_first_three_blocks_pre:self___: v_Self -> pred: Type0{true ==> pred}; - f_shake128_squeeze_first_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) + f_shake128_squeeze_first_three_blocks_post: + v_Self -> + (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) -> Type0; f_shake128_squeeze_first_three_blocks:x0: v_Self - -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) (f_shake128_squeeze_first_three_blocks_pre x0) (fun result -> f_shake128_squeeze_first_three_blocks_post x0 result); f_shake128_squeeze_next_block_pre:self___: v_Self -> pred: Type0{true ==> pred}; - f_shake128_squeeze_next_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> Type0; + f_shake128_squeeze_next_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (mk_usize 168)) v_K) + -> Type0; f_shake128_squeeze_next_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (v_Self & t_Array (t_Array u8 (mk_usize 168)) v_K) (f_shake128_squeeze_next_block_pre x0) (fun result -> f_shake128_squeeze_next_block_post x0 result) } 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst index ec28ee0ba..e0a1a0a19 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst @@ -47,7 +47,7 @@ let encapsulate_avx2 (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR @@ -61,7 +61,7 @@ let encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = encapsulate_avx2 v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN @@ -70,7 +70,7 @@ let encapsulate let generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) @@ -87,7 +87,7 @@ let generate_keypair_avx2 let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti index b55a38fd3..0dca8df7d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti @@ -20,7 +20,7 @@ val decapsulate_avx2 Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -42,7 +42,7 @@ val decapsulate Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -62,8 +62,9 @@ val encapsulate_avx2 (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ 
@@ -83,8 +84,9 @@ val encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -100,7 +102,7 @@ val encapsulate val generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) @@ -118,7 +120,7 @@ val generate_keypair_avx2 val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index c6fa41647..7a337fd8e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst 
@@ -68,7 +68,7 @@ let encapsulate_avx2 (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR @@ -80,7 +80,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = encapsulate_avx2 v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN @@ -89,7 +89,7 @@ let encapsulate let generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE @@ -99,7 +99,7 @@ let generate_keypair_avx2 let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = generate_keypair_avx2 v_K v_CPA_PRIVATE_KEY_SIZE 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index d31791ba7..501a9d357 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -47,7 +47,7 @@ val decapsulate_avx2 usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ @@ -69,7 +69,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -90,8 +90,9 @@ val encapsulate_avx2 (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -109,8 +110,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ 
@@ -128,7 +130,7 @@ val encapsulate val generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ @@ -142,7 +144,7 @@ val generate_keypair_avx2 val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst index c6b885fed..b722d23d0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst @@ -34,7 +34,7 @@ let encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR 
@@ -45,7 +45,7 @@ let encapsulate let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti index 05e8e5cd5..6c935558d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti @@ -21,7 +21,7 @@ val decapsulate Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ @@ -45,8 +45,9 @@ val encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ 
@@ -64,7 +65,7 @@ val encapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 30ff60795..19acef03a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -52,7 +52,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE @@ -64,7 +64,7 @@ let encapsulate let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index fd97941df..b80c29dd4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -39,7 +39,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ @@ -60,8 +60,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ 
@@ -79,7 +80,7 @@ val encapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst index c32203958..f5995234b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst @@ -34,7 +34,7 @@ let encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR @@ -45,7 +45,7 @@ let encapsulate let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti index f406d6a8f..1ff9a6ef7 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti @@ -21,7 +21,7 @@ val decapsulate Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ @@ -45,8 +45,9 @@ val encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -64,7 +65,7 @@ val encapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 414098242..9fa7a2c25 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -52,7 +52,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE @@ -64,7 +64,7 @@ let encapsulate let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 19dc4859d..819680dc5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -39,7 +39,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -60,8 +60,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -79,7 +80,7 @@ val encapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index ca7056f6c..e805e0b0f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst 
@@ -55,7 +55,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -79,7 +79,7 @@ let encapsulate let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = if Libcrux_platform.Platform.simd256_support () then diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 4fc70d000..9f4516980 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -28,7 +28,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -49,8 +49,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -67,7 +68,7 @@ val encapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 74db3dabb..70cd9fb5b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -78,7 +78,7 @@ let transpose_a t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun v_A i -> let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) 
@@ -101,7 +101,7 @@ let transpose_a (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = v_A in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun v_A j -> let v_A:t_Array @@ -169,7 +169,7 @@ let impl v_Vector) #FStar.Tactics.Typeclasses.solve (); - f_public_key_hash = Rust_primitives.Hax.repeat 0uy (sz 32) + f_public_key_hash = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) } <: t_MlKemPublicKeyUnpacked v_K v_Vector @@ -199,7 +199,7 @@ let impl_1 v_Vector) #FStar.Tactics.Typeclasses.solve (); - f_implicit_rejection_value = Rust_primitives.Hax.repeat 0uy (sz 32) + f_implicit_rejection_value = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) } <: t_MlKemPrivateKeyUnpacked v_K v_Vector; @@ -447,7 +447,7 @@ let unpack_public_key unpacked_public_key.f_ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A = - Libcrux_ml_kem.Utils.into_padded_array (sz 32) + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 32) (public_key.Libcrux_ml_kem.Types.f_value.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } @@ -475,7 +475,7 @@ let unpack_public_key #v_Vector #v_Hasher unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) + (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 34) (public_key.Libcrux_ml_kem.Types.f_value.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } @@ -484,7 +484,7 @@ let unpack_public_key <: t_Slice u8) <: - t_Array u8 (sz 34)) + t_Array u8 (mk_usize 34)) false } <: @@ -519,7 +519,7 @@ let encapsulate i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let _:Prims.unit = Lib.Sequence.eq_intro #u8 
@@ -527,10 +527,10 @@ let encapsulate (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 64) randomness) 0 32) randomness in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (randomness <: t_Slice u8) in - let to_hash:t_Array u8 (sz 64) = + let to_hash:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: @@ -548,7 +548,7 @@ let encapsulate let _:Prims.unit = Lib.Sequence.eq_intro #u8 #64 to_hash (concat randomness public_key.f_public_key_hash) in - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve @@ -565,8 +565,10 @@ let encapsulate v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key.f_ind_cpa_public_key randomness pseudorandomness in - let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let shared_secret_array:t_Array u8 (sz 32) = + let shared_secret_array:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in + let shared_secret_array:t_Array u8 (mk_usize 32) = Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret in Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) @@ -575,7 +577,7 @@ let encapsulate ciphertext, shared_secret_array <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) let impl_3__serialized_mut (v_K: usize) 
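Review bot: The proof hint at the top of this hunk still reads `Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 64) randomness) 0 32` while the `to_hash` binding directly below it was switched to `into_padded_array (mk_usize 64)`, so the lemma is now stated about a term spelled differently from the one the code builds. Unless `mk_usize` is a definitional alias of `sz`, the `eq_intro` no longer mentions the `to_hash` in scope and the later `Lib.Sequence.eq_intro #u8 #64 to_hash (concat randomness public_key.f_public_key_hash)` may only go through under lax checking; I would align the hint to `(Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) randomness) 0 32)`. Since this file is extracted by hax, the fix presumably belongs in the `fstar!` annotation in the Rust source rather than in this file. The enclosing `encapsulate` starts before this hunk.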
@@ -674,12 +676,12 @@ let generate_keypair i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) = let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } <: @@ -820,14 +822,14 @@ let generate_keypair out.f_private_key with f_implicit_rejection_value = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + Core.Result.impl__unwrap #(t_Array u8 (mk_usize 32)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) + #(t_Array u8 (mk_usize 32)) #FStar.Tactics.Typeclasses.solve implicit_rejection_value <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (mk_usize 32)) Core.Array.t_TryFromSliceError) } <: t_MlKemPrivateKeyUnpacked v_K v_Vector @@ -929,7 +931,7 @@ let decapsulate 32 * v (Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K)); assert (v (Spec.MLKEM.v_C2_SIZE v_K) == 32 * v (Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K)) in - let decrypted:t_Array u8 (sz 32) = + let decrypted:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K v_CIPHERTEXT_SIZE v_C1_SIZE 
@@ -939,11 +941,11 @@ let decapsulate key_pair.f_private_key.f_ind_cpa_private_key ciphertext.Libcrux_ml_kem.Types.f_value in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) + let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (decrypted <: t_Slice u8) in let _:Prims.unit = Lib.Sequence.eq_intro #u8 #32 (Seq.slice to_hash 0 32) decrypted in - let to_hash:t_Array u8 (sz 64) = + let to_hash:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: @@ -961,7 +963,7 @@ let decapsulate let _:Prims.unit = Lib.Sequence.lemma_concat2 32 decrypted 32 key_pair.f_public_key.f_public_key_hash to_hash in - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve @@ -1010,11 +1012,11 @@ let decapsulate ciphertext.f_value to_hash in - let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + let (implicit_rejection_shared_secret: t_Array u8 (mk_usize 32)):t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (sz 32) + (mk_usize 32) (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index a6eb033b1..e7def926c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti 
@@ -20,7 +20,7 @@ type t_MlKemPrivateKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_ind_cpa_private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector; - f_implicit_rejection_value:t_Array u8 (sz 32) + f_implicit_rejection_value:t_Array u8 (mk_usize 32) } /// An unpacked ML-KEM IND-CCA Private Key @@ -28,7 +28,7 @@ type t_MlKemPublicKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector; - f_public_key_hash:t_Array u8 (sz 32) + f_public_key_hash:t_Array u8 (mk_usize 32) } /// An unpacked ML-KEM KeyPair @@ -178,8 +178,9 @@ val encapsulate {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -194,7 +195,7 @@ val encapsulate fun temp_0_ -> let ciphertext_result, shared_secret_array:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & - t_Array u8 (sz 32)) = + t_Array u8 (mk_usize 32)) = temp_0_ in let ciphertext, shared_secret = 
@@ -336,7 +337,7 @@ val generate_keypair {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) (requires @@ -398,7 +399,7 @@ val decapsulate {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -412,7 +413,7 @@ val decapsulate v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.MLKEM.ind_cca_unpack_decapsulate v_K key_pair.f_public_key.f_public_key_hash diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index a6ffee609..a4afde62e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst 
@@ -22,13 +22,13 @@ let validate_private_key_only Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) = - let t:t_Array u8 (sz 32) = + let t:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve (private_key.Libcrux_ml_kem.Types.f_value.[ { - Core.Ops.Range.f_start = sz 384 *! v_K <: usize; - Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 32 <: usize + Core.Ops.Range.f_start = mk_usize 384 *! v_K <: usize; + Core.Ops.Range.f_end = (mk_usize 768 *! v_K <: usize) +! mk_usize 32 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -37,8 +37,8 @@ let validate_private_key_only in let expected:t_Slice u8 = private_key.Libcrux_ml_kem.Types.f_value.[ { - Core.Ops.Range.f_start = (sz 768 *! v_K <: usize) +! sz 32 <: usize; - Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 64 <: usize + Core.Ops.Range.f_start = (mk_usize 768 *! v_K <: usize) +! mk_usize 32 <: usize; + Core.Ops.Range.f_end = (mk_usize 768 *! v_K <: usize) +! mk_usize 64 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -72,7 +72,7 @@ let serialize_kem_secret_key_mut (private_key public_key implicit_rejection_value: t_Slice u8) (serialized: t_Array u8 v_SERIALIZED_KEY_LEN) = - let pointer:usize = sz 0 in + let pointer:usize = mk_usize 0 in let serialized:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -221,7 +221,9 @@ let serialize_kem_secret_key Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key public_key implicit_rejection_value: t_Slice u8) = - let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.repeat (mk_u8 0) v_SERIALIZED_KEY_LEN + in let out:t_Array u8 v_SERIALIZED_KEY_LEN = serialize_kem_secret_key_mut v_K v_SERIALIZED_KEY_LEN 
@@ -249,20 +251,20 @@ let encapsulate Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let randomness:t_Array u8 (sz 32) = + let randomness:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme #FStar.Tactics.Typeclasses.solve v_K #v_Hasher (randomness <: t_Slice u8) in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (randomness <: t_Slice u8) in let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) randomness in - let to_hash:t_Array u8 (sz 64) = + let to_hash:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: @@ -287,7 +289,7 @@ let encapsulate lemma_slice_append to_hash randomness (Spec.Utils.v_H public_key.f_value); assert (to_hash == concat randomness (Spec.Utils.v_H public_key.f_value)) in - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve @@ -311,7 +313,7 @@ let encapsulate #FStar.Tactics.Typeclasses.solve ciphertext in - let shared_secret_array:t_Array u8 (sz 32) = + let shared_secret_array:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K @@ -322,7 +324,7 @@ let encapsulate in ciphertext, shared_secret_array <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) #pop-options 
@@ -370,11 +372,11 @@ let generate_keypair
 i4:
 Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
 (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme)
- (randomness: t_Array u8 (sz 64))
+ (randomness: t_Array u8 (mk_usize 64))
 =
 let ind_cpa_keypair_randomness:t_Slice u8 =
 randomness.[ {
- Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_start = mk_usize 0;
 Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
 }
 <:
@@ -463,7 +465,7 @@ let decapsulate
 (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE)
 (length private_key.f_value))
 in
- let decrypted:t_Array u8 (sz 32) =
+ let decrypted:t_Array u8 (mk_usize 32) =
 Libcrux_ml_kem.Ind_cpa.decrypt v_K
 v_CIPHERTEXT_SIZE
 v_C1_SIZE
@@ -473,11 +475,11 @@ let decapsulate
 ind_cpa_secret_key
 ciphertext.Libcrux_ml_kem.Types.f_value
 in
- let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) =
- Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8)
+ let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) =
+ Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (decrypted <: t_Slice u8)
 in
 let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) decrypted in
- let to_hash:t_Array u8 (sz 64) =
+ let to_hash:t_Array u8 (mk_usize 64) =
 Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash
 ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE }
 <:
@@ -497,7 +499,7 @@ let decapsulate
 assert (decrypted == Spec.MLKEM.ind_cpa_decrypt v_K ind_cpa_secret_key ciphertext.f_value);
 assert (to_hash == concat decrypted ind_cpa_public_key_hash)
 in
- let hashed:t_Array u8 (sz 64) =
+ let hashed:t_Array u8 (mk_usize 64) =
 Libcrux_ml_kem.Hash_functions.f_G #v_Hasher
 #v_K
 #FStar.Tactics.Typeclasses.solve
@@ -549,11 +551,11 @@ let decapsulate
 assert (i4.f_PRF_pre (sz 32) to_hash);
 lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value
 in
- let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) =
+ let (implicit_rejection_shared_secret: t_Array u8 (mk_usize 32)):t_Array u8 (mk_usize 32) =
 Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher
 #v_K
 #FStar.Tactics.Typeclasses.solve
- (sz 32)
+ (mk_usize 32)
 (to_hash <: t_Slice u8)
 in
 let _:Prims.unit =
@@ -566,7 +568,7 @@ let decapsulate
 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher ind_cpa_public_key decrypted pseudorandomness
 in
- let implicit_rejection_shared_secret:t_Array u8 (sz 32) =
+ let implicit_rejection_shared_secret:t_Array u8 (mk_usize 32) =
 Libcrux_ml_kem.Variant.f_kdf #v_Scheme
 #FStar.Tactics.Typeclasses.solve
 v_K
@@ -575,7 +577,7 @@ let decapsulate
 (implicit_rejection_shared_secret <: t_Slice u8)
 ciphertext
 in
- let shared_secret:t_Array u8 (sz 32) =
+ let shared_secret:t_Array u8 (mk_usize 32) =
 Libcrux_ml_kem.Variant.f_kdf #v_Scheme
 #FStar.Tactics.Typeclasses.solve
 v_K
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
index 057295e89..112b166ed 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti
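Review bot: The proof annotation `assert (i4.f_PRF_pre (sz 32) to_hash);` on the first context line of this hunk still spells the PRF output length as `sz 32`, while the `f_PRF` call it is there to justify now passes `(mk_usize 32)` a few lines below. If `sz` still unfolds to the same literal this is only a consistency gap between the hand-written annotation and the extracted call it discharges, but the annotations should be migrated together with the generated code so that a later removal of `sz` does not leave this lemma call behind: `assert (i4.f_PRF_pre (mk_usize 32) to_hash);`. The body of `decapsulate` starts and ends outside this hunk.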
@@ -96,8 +96,9 @@ val encapsulate
 {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
 {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |}
 (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
- (randomness: t_Array u8 (sz 32))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+ (randomness: t_Array u8 (mk_usize 32))
+ : Prims.Pure
+ (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32))
 (requires
 Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
 v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\
@@ -111,8 +112,8 @@ val encapsulate
 v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K)
 (ensures
 fun result ->
- let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
- =
+ let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE &
+ t_Array u8 (mk_usize 32)) =
 result
 in
 let expected, valid = Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness in
@@ -145,7 +146,7 @@ val generate_keypair
 {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
 {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |}
- (randomness: t_Array u8 (sz 64))
+ (randomness: t_Array u8 (mk_usize 64))
 : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
 (requires
 Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
@@ -172,7 +173,7 @@ val decapsulate
 {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |}
 (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
 (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
- : Prims.Pure (t_Array u8 (sz 32))
+ : Prims.Pure (t_Array u8 (mk_usize 32))
 (requires
 Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\
 v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
@@ -189,7 +190,7 @@ val decapsulate
 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K)
 (ensures
 fun result ->
- let result:t_Array u8 (sz 32) = result in
+ let result:t_Array u8 (mk_usize 32) = result in
 let expected, valid =
 Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value
 in
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
index 1f6cee7c2..10832c996 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst
@@ -74,7 +74,7 @@ let impl_1
 <:
 Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 v_K;
- f_seed_for_A = Rust_primitives.Hax.repeat 0uy (sz 32);
+ f_seed_for_A = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32);
 f_A = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
index 1f7036f4f..875da5b2f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti
@@ -19,7 +19,7 @@ type t_IndCpaPublicKeyUnpacked (v_K: usize) (v_Vector: Type0)
 {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 = {
 f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K;
- f_seed_for_A:t_Array u8 (sz 32);
+ f_seed_for_A:t_Array u8 (mk_usize 32);
 f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K
 }
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index a0e42d84a..427387be8 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -129,7 +129,7 @@ let build_unpacked_public_key_mut
 #v_Vector
 #v_Hasher
 unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
- (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34))
+ (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 34) seed <: t_Array u8 (mk_usize 34))
 false
 }
 <:
@@ -192,7 +192,7 @@ let deserialize_then_decompress_u
 v_U_COMPRESSION_FACTOR
 <:
 usize) /!
- sz 8
+ mk_usize 8
 <:
 usize)
 (ciphertext <: t_Slice u8)
@@ -311,7 +311,7 @@ let sample_ring_element_cbd
 (#[FStar.Tactics.Typeclasses.tcresolve ()]
 i3:
 Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
- (prf_input: t_Array u8 (sz 33))
+ (prf_input: t_Array u8 (mk_usize 33))
 (domain_separator: u8)
 =
 let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
@@ -323,12 +323,14 @@ let sample_ring_element_cbd
 <:
 Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 in
- let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
+ let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K =
+ Rust_primitives.Hax.repeat prf_input v_K
+ in
 let v__domain_separator_init:u8 = domain_separator in
- let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) =
+ let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) =
 Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator
 in
- let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in
+ let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in
 let domain_separator:u8 = out in
 let _:Prims.unit =
 sample_ring_element_cbd_helper_1 v_K prf_inputs prf_input v__domain_separator_init
@@ -342,7 +344,7 @@ let sample_ring_element_cbd
 prf_inputs
 in
 let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
 v_K
 (fun error_1_ i ->
 let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
@@ -450,15 +452,17 @@ let sample_vector_cbd_then_ntt
 i3:
 Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
 (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
- (prf_input: t_Array u8 (sz 33))
+ (prf_input: t_Array u8 (mk_usize 33))
 (domain_separator: u8)
 =
- let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in
+ let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K =
+ Rust_primitives.Hax.repeat prf_input v_K
+ in
 let v__domain_separator_init:u8 = domain_separator in
- let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) =
+ let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) =
 Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator
 in
- let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in
+ let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in
 let domain_separator:u8 = out in
 let _:Prims.unit =
 sample_vector_cbd_then_ntt_helper_1 v_K prf_inputs prf_input v__domain_separator_init
@@ -472,7 +476,7 @@ let sample_vector_cbd_then_ntt
 prf_inputs
 in
 let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
 v_K
 (fun re_as_ntt i ->
 let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
@@ -534,7 +538,7 @@ let sample_vector_cbd_then_ntt_out
 (#[FStar.Tactics.Typeclasses.tcresolve ()]
 i3:
 Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
- (prf_input: t_Array u8 (sz 33))
+ (prf_input: t_Array u8 (mk_usize 33))
 (domain_separator: u8)
 =
 let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
@@ -578,7 +582,7 @@ let generate_keypair_unpacked
 (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
 (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
 =
- let hashed:t_Array u8 (sz 64) =
+ let hashed:t_Array u8 (mk_usize 64) =
 Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme
 #FStar.Tactics.Typeclasses.solve
 v_K
@@ -586,7 +590,7 @@ let generate_keypair_unpacked
 key_generation_seed
 in
 let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) =
- Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32)
+ Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (mk_usize 32)
 in
 let _:Prims.unit =
 Lib.Sequence.eq_intro #u8
@@ -603,7 +607,8 @@ let generate_keypair_unpacked
 #v_Vector
 #v_Hasher
 public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A
- (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34))
+ (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 34) seed_for_A <: t_Array u8 (mk_usize 34)
+ )
 true
 }
 <:
@@ -613,8 +618,8 @@ let generate_keypair_unpacked
 let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in
 assert (valid ==> matrix_A_as_ntt == Libcrux_ml_kem.Polynomial.to_spec_matrix_t public_key.f_A)
 in
- let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
- Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error
+ let (prf_input: t_Array u8 (mk_usize 33)):t_Array u8 (mk_usize 33) =
+ Libcrux_ml_kem.Utils.into_padded_array (mk_usize 33) seed_for_secret_and_error
 in
 let _:Prims.unit =
 Lib.Sequence.eq_intro #u8 #32 seed_for_secret_and_error (Seq.slice prf_input 0 32)
@@ -627,7 +632,7 @@ let generate_keypair_unpacked
 #v_Hasher
 private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt
 prf_input
- 0uy
+ (mk_u8 0)
 in
 let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector =
 { private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = tmp0 }
@@ -665,14 +670,14 @@ let generate_keypair_unpacked
 public_key with
 Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A
 =
- Core.Result.impl__unwrap #(t_Array u8 (sz 32))
+ Core.Result.impl__unwrap #(t_Array u8 (mk_usize 32))
 #Core.Array.t_TryFromSliceError
 (Core.Convert.f_try_into #(t_Slice u8)
- #(t_Array u8 (sz 32))
+ #(t_Array u8 (mk_usize 32))
 #FStar.Tactics.Typeclasses.solve
 seed_for_A
 <:
- Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)
+ Core.Result.t_Result (t_Array u8 (mk_usize 32)) Core.Array.t_TryFromSliceError)
 }
 <:
 Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector
@@ -815,7 +820,7 @@ let compress_then_serialize_u
 Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize;
 Core.Ops.Range.f_end
 =
- (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
+ (i +! mk_usize 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
 }
 <:
 Core.Ops.Range.t_Range usize)
@@ -824,7 +829,7 @@ let compress_then_serialize_u
 Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize;
 Core.Ops.Range.f_end
 =
- (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
+ (i +! mk_usize 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
 }
 <:
 Core.Ops.Range.t_Range usize ]
@@ -879,11 +884,11 @@ let encrypt_unpacked
 i3:
 Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
 (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
- (message: t_Array u8 (sz 32))
+ (message: t_Array u8 (mk_usize 32))
 (randomness: t_Slice u8)
 =
- let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
- Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness
+ let (prf_input: t_Array u8 (mk_usize 33)):t_Array u8 (mk_usize 33) =
+ Libcrux_ml_kem.Utils.into_padded_array (mk_usize 33) randomness
 in
 let r_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K &
@@ -894,7 +899,7 @@ let encrypt_unpacked
 #v_Vector
 #v_Hasher
 prf_input
- 0uy
+ (mk_u8 0)
 in
 let _:Prims.unit =
 Lib.Sequence.eq_intro #u8 #32 randomness (Seq.slice prf_input 0 32);
@@ -911,8 +916,10 @@ let encrypt_unpacked
 prf_input
 domain_separator
 in
- let prf_input:t_Array u8 (sz 33) =
- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator
+ let prf_input:t_Array u8 (mk_usize 33) =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input
+ (mk_usize 32)
+ domain_separator
 in
 let _:Prims.unit =
 assert (Seq.equal prf_input (Seq.append randomness (Seq.create 1 domain_separator)));
@@ -954,10 +961,12 @@ let encrypt_unpacked
 assert (v_CIPHERTEXT_SIZE == v_C1_LEN +! v_C2_LEN);
 assert (v_C1_LEN <=. v_CIPHERTEXT_SIZE)
 in
- let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in
+ let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
+ Rust_primitives.Hax.repeat (mk_u8 0) v_CIPHERTEXT_SIZE
+ in
 let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
 Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext
- ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN }
+ ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = v_C1_LEN }
 <:
 Core.Ops.Range.t_Range usize)
 (compress_then_serialize_u v_K
@@ -966,7 +975,7 @@ let encrypt_unpacked
 v_BLOCK_LEN
 #v_Vector
 u
- (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN }
+ (ciphertext.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = v_C1_LEN }
 <:
 Core.Ops.Range.t_Range usize ]
 <:
@@ -1010,7 +1019,7 @@ let encrypt
 i3:
 Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
 (public_key: t_Slice u8)
- (message: t_Array u8 (sz 32))
+ (message: t_Array u8 (mk_usize 32))
 (randomness: t_Slice u8)
 =
 let _:Prims.unit = reveal_opaque (`%Spec.MLKEM.ind_cpa_encrypt) Spec.MLKEM.ind_cpa_encrypt in
@@ -1034,7 +1043,7 @@ let serialize_secret_key
 (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
 =
 let _:Prims.unit = assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial) in
- let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+ let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_OUT_LEN in
 let out:t_Array u8 v_OUT_LEN =
 Rust_primitives.Hax.Folds.fold_enumerated_slice key
 (fun out i ->
@@ -1064,7 +1073,9 @@ let serialize_secret_key
 i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
 Core.Ops.Range.f_end
 =
- (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize
+ (i +! mk_usize 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
+ <:
+ usize
 }
 <:
 Core.Ops.Range.t_Range usize)
@@ -1075,7 +1086,8 @@ let serialize_secret_key
 i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
 Core.Ops.Range.f_end
 =
- (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
+ (i +! mk_usize 1 <: usize) *!
+ Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
 <:
 usize
 }
@@ -1137,12 +1149,15 @@ let serialize_public_key_mut
 =
 let serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
 Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized
- ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT }
+ ({
+ Core.Ops.Range.f_start = mk_usize 0;
+ Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT
+ }
 <:
 Core.Ops.Range.t_Range usize)
 (Core.Slice.impl__copy_from_slice #u8
 (serialized.[ {
- Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_start = mk_usize 0;
 Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT
 }
 <:
@@ -1190,7 +1205,7 @@ let serialize_public_key
 (seed_for_a: t_Slice u8)
 =
 let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
- Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE
+ Rust_primitives.Hax.repeat (mk_u8 0) v_PUBLIC_KEY_SIZE
 in
 let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
 serialize_public_key_mut v_K
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 981a0c86e..436754c36 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -104,7 +104,7 @@ val sample_ring_element_cbd
 (#v_Vector #v_Hasher: Type0)
 {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
- (prf_input: t_Array u8 (sz 33))
+ (prf_input: t_Array u8 (mk_usize 33))
 (domain_separator: u8)
 : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
 (requires
@@ -129,7 +129,7 @@ val sample_vector_cbd_then_ntt
 {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
 (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
- (prf_input: t_Array u8 (sz 33))
+ (prf_input: t_Array u8 (mk_usize 33))
 (domain_separator: u8)
 : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
 (requires
@@ -158,7 +158,7 @@ val sample_vector_cbd_then_ntt_out
 (#v_Vector #v_Hasher: Type0)
 {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
- (prf_input: t_Array u8 (sz 33))
+ (prf_input: t_Array u8 (mk_usize 33))
 (domain_separator: u8)
 : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
 (requires
@@ -281,7 +281,7 @@ val decrypt_unpacked
 {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector)
 (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
- : Prims.Pure (t_Array u8 (sz 32))
+ : Prims.Pure (t_Array u8 (mk_usize 32))
 (requires
 Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
 v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
@@ -289,7 +289,7 @@ val decrypt_unpacked
 v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K)
 (ensures
 fun result ->
- let result:t_Array u8 (sz 32) = result in
+ let result:t_Array u8 (mk_usize 32) = result in
 result == Spec.MLKEM.ind_cpa_decrypt_unpacked v_K ciphertext
@@ -302,7 +302,7 @@ val decrypt
 {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 (secret_key: t_Slice u8)
 (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
- : Prims.Pure (t_Array u8 (sz 32))
+ : Prims.Pure (t_Array u8 (mk_usize 32))
 (requires
 Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
 v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
@@ -311,7 +311,7 @@ val decrypt
 v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K)
 (ensures
 fun result ->
- let result:t_Array u8 (sz 32) = result in
+ let result:t_Array u8 (mk_usize 32) = result in
 result == Spec.MLKEM.ind_cpa_decrypt v_K secret_key ciphertext)
 
 /// Call [`compress_then_serialize_ring_element_u`] on each ring element.
@@ -378,7 +378,7 @@ val encrypt_unpacked
 {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
 (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector)
- (message: t_Array u8 (sz 32))
+ (message: t_Array u8 (mk_usize 32))
 (randomness: t_Slice u8)
 : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE)
 (requires
@@ -409,7 +409,7 @@ val encrypt
 {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
 {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |}
 (public_key: t_Slice u8)
- (message: t_Array u8 (sz 32))
+ (message: t_Array u8 (mk_usize 32))
 (randomness: t_Slice u8)
 : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE)
 (requires
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
index c405a03d7..0f626b6f9 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
@@ -43,8 +43,8 @@ let invert_ntt_at_layer_1_
 let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
 let v__zeta_i_init:usize = zeta_i in
 let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
- (sz 16)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
+ (mk_usize 16)
 (fun temp_0_ round ->
 let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
 temp_0_
@@ -66,7 +66,7 @@ let invert_ntt_at_layer_1_
 temp_0_
 in
 let round:usize = round in
- let zeta_i:usize = zeta_i -! sz 1 in
+ let zeta_i:usize = zeta_i -! mk_usize 1 in
 let _:Prims.unit =
 reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
 (Spec.Utils.is_i16b_array_opaque (4 * 3328)
@@ -84,16 +84,16 @@ let invert_ntt_at_layer_1_
 #FStar.Tactics.Typeclasses.solve
 (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
 (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
- (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 1 <: usize) <: i16)
- (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 2 <: usize) <: i16)
- (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 3 <: usize) <: i16)
+ (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 1 <: usize) <: i16)
+ (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 2 <: usize) <: i16)
+ (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 3 <: usize) <: i16)
 <:
 v_Vector)
 }
 <:
 Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
 in
- let zeta_i:usize = zeta_i -! sz 3 in
+ let zeta_i:usize = zeta_i -! mk_usize 3 in
 let _:Prims.unit =
 reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
 (Spec.Utils.is_i16b_array_opaque 3328
@@ -122,8 +122,8 @@ let invert_ntt_at_layer_2_
 let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
 let v__zeta_i_init:usize = zeta_i in
 let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
- (sz 16)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
+ (mk_usize 16)
 (fun temp_0_ round ->
 let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
 temp_0_
@@ -145,7 +145,7 @@ let invert_ntt_at_layer_2_
 temp_0_
 in
 let round:usize = round in
- let zeta_i:usize = zeta_i -! sz 1 in
+ let zeta_i:usize = zeta_i -! mk_usize 1 in
 let _:Prims.unit =
 reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
 (Spec.Utils.is_i16b_array_opaque 3328
@@ -163,14 +163,14 @@ let invert_ntt_at_layer_2_
 #FStar.Tactics.Typeclasses.solve
 (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector)
 (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16)
- (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 1 <: usize) <: i16)
+ (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 1 <: usize) <: i16)
 <:
 v_Vector)
 }
 <:
 Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
 in
- let zeta_i:usize = zeta_i -! sz 1 in
+ let zeta_i:usize = zeta_i -! mk_usize 1 in
 let _:Prims.unit =
 reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
 (Spec.Utils.is_i16b_array_opaque 3328
@@ -199,8 +199,8 @@ let invert_ntt_at_layer_3_
 let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
 let v__zeta_i_init:usize = zeta_i in
 let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
- (sz 16)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
+ (mk_usize 16)
 (fun temp_0_ round ->
 let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
 temp_0_
@@ -222,7 +222,7 @@ let invert_ntt_at_layer_3_
 temp_0_
 in
 let round:usize = round in
- let zeta_i:usize = zeta_i -! sz 1 in
+ let zeta_i:usize = zeta_i -! mk_usize 1 in
 let _:Prims.unit =
 reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
 (Spec.Utils.is_i16b_array_opaque 3328
@@ -272,10 +272,10 @@ let invert_ntt_at_layer_4_plus
 (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 (layer: usize)
 =
- let step:usize = sz 1 <>! layer <: usize)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
+ (mk_usize 128 >>! layer <: usize)
 (fun temp_0_ temp_1_ ->
 let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
 temp_0_
@@ -288,8 +288,8 @@ let invert_ntt_at_layer_4_plus
 temp_0_
 in
 let round:usize = round in
- let zeta_i:usize = zeta_i -! sz 1 in
- let offset:usize = (round *! step <: usize) *! sz 2 in
+ let zeta_i:usize = zeta_i -! mk_usize 1 in
+ let offset:usize = (round *! step <: usize) *! mk_usize 2 in
 let offset_vec:usize =
 offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR
 in
@@ -355,7 +355,7 @@ let invert_ntt_montgomery
 Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector)
 (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
 =
- let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in
+ let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! mk_usize 2 in
 let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
 invert_ntt_at_layer_1_ #v_Vector zeta_i re
 in
@@ -375,25 +375,25 @@ let invert_ntt_montgomery
 let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
 let _:Prims.unit = () in
 let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
- invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4)
+ invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 4)
 in
 let zeta_i:usize = tmp0 in
 let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
 let _:Prims.unit = () in
 let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
- invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5)
+ invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 5)
 in
 let zeta_i:usize = tmp0 in
 let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
 let _:Prims.unit = () in
 let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
- invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6)
+ invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 6)
 in
 let zeta_i:usize = tmp0 in
 let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
 let _:Prims.unit = () in
 let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
- invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7)
+ invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 7)
 in
 let zeta_i:usize = tmp0 in
 let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
index 6c1d41758..73dbfb33f 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
@@ -21,12 +21,12 @@ let sample_matrix_A
 Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
 (v_A_transpose:
 t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K)
- (seed: t_Array u8 (sz 34))
+ (seed: t_Array u8 (mk_usize 34))
 (transpose: bool)
 =
 let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
 v_K
 (fun v_A_transpose temp_1_ ->
 let v_A_transpose:t_Array
@@ -42,39 +42,39 @@ let sample_matrix_A
 v_A_transpose
 in
 let i:usize = i in
- let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in
- let seeds:t_Array (t_Array u8 (sz 34)) v_K =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
+ let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = Rust_primitives.Hax.repeat seed v_K in
+ let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K =
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
 v_K
 (fun seeds temp_1_ ->
- let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in
+ let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = seeds in
 let _:usize = temp_1_ in
 true)
 seeds
 (fun seeds j ->
- let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in
+ let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = seeds in
 let j:usize = j in
- let seeds:t_Array (t_Array u8 (sz 34)) v_K =
+ let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K =
 Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds
 j
 (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ]
 <:
- t_Array u8 (sz 34))
- (sz 32)
+ t_Array u8 (mk_usize 34))
+ (mk_usize 32)
 (cast (i <: usize) <: u8)
 <:
- t_Array u8 (sz 34))
+ t_Array u8 (mk_usize 34))
 in
- let seeds:t_Array (t_Array u8 (sz 34)) v_K =
+ let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K =
 Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds
 j
 (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ]
 <:
- t_Array u8 (sz 34))
- (sz 33)
+ t_Array u8 (mk_usize 34))
+ (mk_usize 33)
 (cast (j <: usize) <: u8)
 <:
- t_Array u8 (sz 34))
+ t_Array u8 (mk_usize 34))
 in
 seeds)
 in
@@ -248,7 +248,7 @@ let compute_message
 Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector ()
 in
 let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
- Rust_primitives.Hax.Folds.fold_range (sz 0)
+ Rust_primitives.Hax.Folds.fold_range (mk_usize 0)
 v_K
 (fun result temp_1_ ->
 let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
@@ -293,7 +293,7 @@ let compute_ring_element_v Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun result temp_1_ -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 8c4c95e96..e48cbe459 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -17,7 +17,7 @@ val sample_matrix_A {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (v_A_transpose: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - (seed: t_Array u8 (sz 34)) + (seed: t_Array u8 (mk_usize 34)) (transpose: bool) : Prims.Pure (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst index be6ebd525..cd969a751 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst 
@@ -13,30 +13,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair serialized in 
@@ -44,26 +44,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair serialized in 
@@ -71,15 +71,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) public_key serialized in 
@@ -87,101 +87,102 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 4) - (sz 3168) - (sz 1536) - (sz 1568) - (sz 1536) - (sz 1536) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1536) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 1536) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1536) + (mk_usize 1568) public_key unpacked_public_key in 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index 72df96050..5da5eebd8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -14,28 +14,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -48,10 +48,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> @@ -64,10 +64,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> @@ -83,10 +83,10 @@ val serialized_public_key /// and an [`MlKem1024Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -103,57 +103,57 @@ let _ = /// val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked public key. 
val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index c9b450487..4fca1afed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst 
@@ -4,45 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 4) (sz 3168) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (mk_usize 4) + (mk_usize 3168) + private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) - (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) + (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 763fc3d71..881aa9dff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst index 865f73d20..f3f734df9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst 
@@ -13,30 +13,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair serialized in 
@@ -44,26 +44,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair serialized in 
@@ -71,15 +71,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) public_key serialized in 
@@ -87,101 +87,102 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked 
(mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + 
Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 4) - (sz 3168) - (sz 1536) - (sz 1568) - (sz 1536) - (sz 1536) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1536) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 1536) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1536) + 
(mk_usize 1568) public_key unpacked_public_key in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index 3b4eb1833..26ba9b075 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -14,28 +14,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -48,10 +48,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> @@ -64,10 +64,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> @@ -83,10 +83,10 @@ val serialized_public_key /// and an [`MlKem1024Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -103,29 +103,29 @@ let _ = /// val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -133,7 +133,7 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -141,31 +141,31 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index f664c07b3..ed08aee8a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst 
@@ -4,45 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 4) (sz 3168) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (mk_usize 4) + (mk_usize 3168) + private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) - (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) + (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 097585875..b19abb140 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst index 864cd1438..41a39d0cb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst 
@@ -13,30 +13,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair serialized in 
@@ -44,26 +44,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair serialized in 
@@ -71,15 +71,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) public_key serialized in 
@@ -87,101 +87,102 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + 
Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - 
Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 4) - (sz 3168) - (sz 1536) - (sz 1568) - (sz 1536) - (sz 1536) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1536) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 1536) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) + 
Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1536) + (mk_usize 1568) public_key unpacked_public_key in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index 6370203e4..3bc71a2c7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti 
@@ -14,28 +14,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -48,10 +48,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> @@ -64,10 +64,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> @@ -83,10 +83,10 @@ val serialized_public_key /// and an [`MlKem1024Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -103,29 +103,29 @@ let _ = /// val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -133,7 +133,7 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -141,31 +141,31 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index c093cfc37..577446056 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst 
@@ -4,47 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 4) - (sz 3168) +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (mk_usize 4) + (mk_usize 3168) private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) - (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) + (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index cb06fc90f..66fe75b0c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst index 69f4ab0fc..ed709044f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst 
@@ -13,22 +13,24 @@ let encapsulate (#impl_277843321_: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in + let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & + t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Mlkem1024.encapsulate public_key randomness in rng, hax_temp_output <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) let generate_key_pair (#impl_277843321_: Type0) 
@@ -36,16 +38,16 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in + let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = Libcrux_ml_kem.Mlkem1024.generate_key_pair randomness in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti index b2175b095..d3fe4f911 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti 
@@ -18,10 +18,11 @@ val encapsulate (#impl_277843321_: Type0) {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (rng: impl_277843321_) : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) @@ -34,6 +35,7 @@ val generate_key_pair {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + : Prims.Pure + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index c296a0efc..abb379d62 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst 
@@ -4,53 +4,55 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - let result:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) - private_key ciphertext + let result:t_Array u8 (mk_usize 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (mk_usize 4) (mk_usize 3168) (mk_usize 1536) + (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) + (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) + (mk_usize 1600) private_key ciphertext in let _:Prims.unit = admit () (* Panic freedom *) in result let encapsulate - (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) - (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (mk_usize 4) (mk_usize 1568) (mk_usize 1568) + (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) (mk_usize 352) + (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness in let _:Prims.unit = admit () (* Panic freedom *) in result -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness in let _:Prims.unit = admit () (* Panic freedom *) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 007e5c86f..e04f8a3bb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti 
@@ -3,34 +3,34 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul -let v_ETA1: usize = sz 2 +let v_ETA1: usize = mk_usize 2 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! mk_usize 64 -let v_ETA2: usize = sz 2 +let v_ETA2: usize = mk_usize 2 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! mk_usize 64 -let v_RANK_1024_: usize = sz 4 +let v_RANK_1024_: usize = mk_usize 4 let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = - (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 + (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! mk_usize 8 let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! sz 32 +let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! mk_usize 32 let v_SECRET_KEY_SIZE_1024_: usize = ((v_CPA_PKE_SECRET_KEY_SIZE_1024_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_1024_ <: usize) +! 
@@ -39,23 +39,23 @@ let v_SECRET_KEY_SIZE_1024_: usize = usize) +! Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE -let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11 +let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = mk_usize 11 let v_C1_BLOCK_SIZE_1024_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_1024_ <: usize) /! - sz 8 + mk_usize 8 let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *! v_RANK_1024_ -let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5 +let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = mk_usize 5 let v_C2_SIZE_1024_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_1024_ <: usize) /! - sz 8 + mk_usize 8 let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ 
@@ -65,26 +65,26 @@ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:t_Array u8 (sz 32) = res in + let res:t_Array u8 (mk_usize 32) = res in let shared_secret, valid = Spec.MLKEM.Instances.mlkem1024_decapsulate private_key.f_value ciphertext.f_value in 
@@ -95,13 +95,16 @@ val decapsulate /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = res in + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32) + ) = + res + in let (ciphertext, shared_secret), valid = Spec.MLKEM.Instances.mlkem1024_encapsulate public_key.f_value randomness in @@ -112,12 +115,12 @@ val encapsulate /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. /// This function returns an [`MlKem1024KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (ensures fun res -> - let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = res in + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = res in let (secret_key, public_key), valid = Spec.MLKEM.Instances.mlkem1024_generate_keypair randomness in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst index c02a6e7aa..996f02924 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst @@ -13,30 +13,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair serialized in 
@@ -44,26 +44,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair serialized in 
@@ -71,15 +71,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) public_key serialized in 
@@ -87,100 +87,102 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 2) - (sz 1632) - (sz 768) - (sz 800) - (sz 768) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) + (mk_usize 800) + (mk_usize 768) + (mk_usize 768) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 768) + (mk_usize 800) public_key unpacked_public_key in 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index 21aeb9213..d823e9687 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti @@ -14,28 +14,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> 
@@ -48,10 +48,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> @@ -64,10 +64,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> @@ -83,10 +83,10 @@ val serialized_public_key /// and an [`MlKem512Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -101,57 +101,57 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked public key. 
val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index 81867e6a4..2eaeef56f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst 
@@ -4,45 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 2) - (sz 1632) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 2) (sz 1632) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (mk_usize 2) + (mk_usize 1632) + private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) - private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (mk_usize 2) (mk_usize 1632) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) + (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) + (mk_usize 800) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 
800)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (mk_usize 2) (mk_usize 768) (mk_usize 800) + (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320) + (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) - (sz 768) - (sz 800) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 800) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index b138131fe..626294543 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst index dc2ec0335..cfc72a8e6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst 
@@ -13,30 +13,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair serialized in 
@@ -44,26 +44,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair serialized in 
@@ -71,15 +71,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) public_key serialized in 
@@ -87,100 +87,102 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) 
Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Core.Default.f_default 
#(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 2) - (sz 1632) - (sz 768) - (sz 800) - (sz 768) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) + (mk_usize 800) + (mk_usize 768) + (mk_usize 768) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 768) + (mk_usize 800) public_key 
unpacked_public_key in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index d6eab98a0..c6390290c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -14,28 +14,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> 
@@ -48,10 +48,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> @@ -64,10 +64,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> @@ -83,10 +83,10 @@ val serialized_public_key /// and an [`MlKem512Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -101,29 +101,29 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -131,7 +131,7 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -139,31 +139,31 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 077af75fe..342ef7132 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst 
@@ -4,45 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 2) - (sz 1632) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 2) (sz 1632) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (mk_usize 2) + (mk_usize 1632) + private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) - private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (mk_usize 2) (mk_usize 1632) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) + (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) + (mk_usize 800) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 
800)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (mk_usize 2) (mk_usize 768) (mk_usize 800) + (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320) + (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 800) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index 6886ec966..0a0345764 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst index 858d9359a..80890fe05 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst 
@@ -13,30 +13,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair serialized in 
@@ -44,26 +44,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair serialized in 
@@ -71,15 +71,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) public_key serialized in 
@@ -87,101 +87,102 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) - (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) - (sz 128) (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked 
(mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default 
#(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 2) - (sz 1632) - (sz 768) - (sz 800) - (sz 768) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) + (mk_usize 800) + (mk_usize 768) + (mk_usize 768) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) + 
Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 768) + (mk_usize 800) public_key unpacked_public_key in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 7f06b0b9c..2a4491e4a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti 
@@ -14,28 +14,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> 
@@ -48,10 +48,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> @@ -64,10 +64,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> @@ -83,10 +83,10 @@ val serialized_public_key /// and an [`MlKem512Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -101,29 +101,29 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -131,7 +131,7 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -139,31 +139,31 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 4c6c96ff8..0642b7f67 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst 
@@ -4,47 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 2) - (sz 1632) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 2) - (sz 1632) +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (mk_usize 2) + (mk_usize 1632) private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey 
(mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 800) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 64d59c955..498c0da92 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst index adca30249..e68504cb8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst 
@@ -13,22 +13,24 @@ let encapsulate (#impl_277843321_: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in + let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & + t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Mlkem512.encapsulate public_key randomness in rng, hax_temp_output <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))) let generate_key_pair (#impl_277843321_: Type0) 
@@ -36,14 +38,16 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in + let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) = Libcrux_ml_kem.Mlkem512.generate_key_pair randomness in - rng, hax_temp_output <: (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + rng, hax_temp_output + <: + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti index 31ef494ee..cea50dcb6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti 
@@ -18,10 +18,11 @@ val encapsulate (#impl_277843321_: Type0) {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (rng: impl_277843321_) : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) @@ -34,6 +35,7 @@ val generate_key_pair {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + : Prims.Pure + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index ec76cf211..b0432fd55 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst 
@@ -4,53 +4,55 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 2) - (sz 1632) - (sz 768) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) - (sz 768) - (sz 800) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 800) public_key.Libcrux_ml_kem.Types.f_value let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - let result:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) - private_key ciphertext + let result:t_Array u8 (mk_usize 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (mk_usize 2) (mk_usize 1632) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) + (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) + (mk_usize 800) private_key ciphertext in let _:Prims.unit = admit () (* Panic freedom *) in result let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 
800)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) = - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (mk_usize 2) (mk_usize 768) (mk_usize 800) + (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320) + (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness in let _:Prims.unit = admit () (* Panic freedom *) in result -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness in let _:Prims.unit = admit () (* Panic freedom *) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index 94590e2ee..669ec31c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti 
@@ -3,34 +3,34 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let v_ETA1: usize = sz 3 +let v_ETA1: usize = mk_usize 3 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! mk_usize 64 -let v_ETA2: usize = sz 2 +let v_ETA2: usize = mk_usize 2 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! mk_usize 64 -let v_RANK_512_: usize = sz 2 +let v_RANK_512_: usize = mk_usize 2 let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = - (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 + (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! mk_usize 8 let v_T_AS_NTT_ENCODED_SIZE_512_: usize = ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32 +let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! mk_usize 32 let v_SECRET_KEY_SIZE_512_: usize = ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +! 
@@ -39,23 +39,23 @@ let v_SECRET_KEY_SIZE_512_: usize = usize) +! Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE -let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 +let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = mk_usize 10 let v_C1_BLOCK_SIZE_512_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_ <: usize) /! - sz 8 + mk_usize 8 let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_ -let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 +let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = mk_usize 4 let v_C2_SIZE_512_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_ <: usize) /! - sz 8 + mk_usize 8 let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ 
@@ -65,26 +65,26 @@ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:t_Array u8 (sz 32) = res in + let res:t_Array u8 (mk_usize 32) = res in let shared_secret, valid = Spec.MLKEM.Instances.mlkem512_decapsulate private_key.f_value ciphertext.f_value in 
@@ -95,13 +95,16 @@ val decapsulate /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = res in + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) + = + res + in let (ciphertext, shared_secret), valid = Spec.MLKEM.Instances.mlkem512_encapsulate public_key.f_value randomness in @@ -112,12 +115,12 @@ val encapsulate /// The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. /// This function returns an [`MlKem512KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (ensures fun res -> - let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = res in + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) = res in let (secret_key, public_key), valid = Spec.MLKEM.Instances.mlkem512_generate_keypair randomness in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst index 26a1de1e8..2b14d8b04 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst @@ -13,30 +13,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair serialized in 
@@ -44,26 +44,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair serialized in 
@@ -71,15 +71,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) public_key serialized in 
@@ -87,84 +87,85 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 3) - (sz 2400) - (sz 1152) - (sz 1184) - (sz 1152) - (sz 1152) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1152) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 1152) private_key key_pair in 
@@ -172,38 +173,38 @@ let key_pair_from_private_mut let public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector key_pair <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) in pk let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) + 
Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1152) + (mk_usize 1184) public_key unpacked_public_key in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 26bf0ffd6..872119b82 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti 
@@ -14,28 +14,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> 
@@ -48,10 +48,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires (forall (i: nat). i < 3 ==> @@ -65,10 +65,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> @@ -84,10 +84,10 @@ val serialized_public_key /// and an [`MlKem768Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -102,69 +102,69 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked public key. 
val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. 
val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index ec517abff..e44bcc3ac 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst 
@@ -4,45 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 3) (sz 2400) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (mk_usize 3) + (mk_usize 2400) + private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) - (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) + (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index 32d3615e9..d96534c5d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst index 3a57c5f0b..2bbc95976 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst 
@@ -14,30 +14,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair serialized in 
@@ -45,26 +45,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) public_key serialized in 
@@ -88,84 +88,85 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 
3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Default.f_default 
#(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 3) - (sz 2400) - (sz 1152) - (sz 1184) - (sz 1152) - (sz 1152) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1152) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 1152) private_key key_pair in 
@@ -173,38 +174,38 @@ let key_pair_from_private_mut let public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector key_pair <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) in pk let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - 
Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1152) + (mk_usize 1184) public_key unpacked_public_key in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 3fbc5e15c..59b7ad4b9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti 
@@ -15,28 +15,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> 
@@ -49,10 +49,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires (forall (i: nat). i < 3 ==> @@ -66,10 +66,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> @@ -85,10 +85,10 @@ val serialized_public_key /// and an [`MlKem768Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -103,29 +103,29 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -133,7 +133,7 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -141,19 +141,19 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -161,25 +161,25 @@ val key_pair_from_private_mut /// Get the unpacked public key. val public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index d6ffc47a4..e69aac8f9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst 
@@ -4,45 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 3) (sz 2400) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (mk_usize 3) + (mk_usize 2400) + private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) - (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) + (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 00fc18c11..39c77b97c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst index 02504bb00..3592fe155 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst 
@@ -14,30 +14,30 @@ let _ = let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair serialized in 
@@ -45,26 +45,26 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_public_key_mut let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) public_key serialized in 
@@ -88,84 +88,85 @@ let serialized_public_key let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + 
Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = generate_key_pair_mut randomness key_pair in key_pair let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - 
Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 3) - (sz 2400) - (sz 1152) - (sz 1184) - (sz 1152) - (sz 1152) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1152) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 1152) private_key key_pair in 
@@ -173,38 +174,38 @@ let key_pair_from_private_mut let public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector key_pair <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in pk let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector 
= - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1152) + (mk_usize 1184) public_key unpacked_public_key in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index e4f2a98e1..50d0472f1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti 
@@ -15,28 +15,28 @@ let _ = /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> 
@@ -49,10 +49,10 @@ val key_pair_serialized_public_key /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires (forall (i: nat). i < 3 ==> @@ -66,10 +66,10 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> @@ -85,10 +85,10 @@ val serialized_public_key /// and an [`MlKem768Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let _ = (* This module has implicit dependencies, here we make them explicit. *) 
@@ -103,29 +103,29 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -133,7 +133,7 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -141,19 +141,19 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -161,25 +161,25 @@ val key_pair_from_private_mut /// Get the unpacked public key. val public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index ef78b1c7e..05a57a0ca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst 
@@ -4,47 +4,49 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 3) - (sz 2400) +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (mk_usize 3) + (mk_usize 2400) private_key let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) - (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) + (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index d503ab893..874d29854 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti 
@@ -6,41 +6,41 @@ open FStar.Mul /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. 
val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst index 80ac366d4..ce2ab4c53 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst 
@@ -13,22 +13,24 @@ let encapsulate (#impl_277843321_: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in + let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & + t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Mlkem768.encapsulate public_key randomness in rng, hax_temp_output <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32))) let generate_key_pair (#impl_277843321_: Type0) 
@@ -36,16 +38,16 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in + let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) = Libcrux_ml_kem.Mlkem768.generate_key_pair randomness in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti index fb034e0f5..5827b20d9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti 
@@ -18,10 +18,11 @@ val encapsulate (#impl_277843321_: Type0) {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (rng: impl_277843321_) : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) @@ -34,6 +35,7 @@ val generate_key_pair {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + : Prims.Pure + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 7a9f4607c..655395b83 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst 
@@ -4,53 +4,55 @@ open Core open FStar.Mul let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - let result:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) - private_key ciphertext + let result:t_Array u8 (mk_usize 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (mk_usize 3) (mk_usize 2400) (mk_usize 1152) + (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) + (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) + (mk_usize 1120) private_key ciphertext in let _:Prims.unit = admit () (* Panic freedom *) in result let encapsulate - (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (mk_usize 3) (mk_usize 1088) (mk_usize 1184) + (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320) + (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness in let _:Prims.unit = admit () (* Panic freedom *) in result -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness in let _:Prims.unit = admit () (* Panic freedom *) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index d1d7c217f..1a19b1198 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti 
@@ -3,34 +3,34 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul -let v_ETA1: usize = sz 2 +let v_ETA1: usize = mk_usize 2 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! mk_usize 64 -let v_ETA2: usize = sz 2 +let v_ETA2: usize = mk_usize 2 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! mk_usize 64 -let v_RANK_768_: usize = sz 3 +let v_RANK_768_: usize = mk_usize 3 let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = - (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 + (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! mk_usize 8 let v_T_AS_NTT_ENCODED_SIZE_768_: usize = ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! sz 32 +let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! mk_usize 32 let v_SECRET_KEY_SIZE_768_: usize = ((v_CPA_PKE_SECRET_KEY_SIZE_768_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_768_ <: usize) +! 
@@ -39,23 +39,23 @@ let v_SECRET_KEY_SIZE_768_: usize = usize) +! Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE -let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10 +let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = mk_usize 10 let v_C1_BLOCK_SIZE_768_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_768_ <: usize) /! - sz 8 + mk_usize 8 let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *! v_RANK_768_ -let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4 +let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = mk_usize 4 let v_C2_SIZE_768_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_768_ <: usize) /! - sz 8 + mk_usize 8 let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ 
@@ -65,26 +65,26 @@ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:t_Array u8 (sz 32) = res in + let res:t_Array u8 (mk_usize 32) = res in let shared_secret, valid = Spec.MLKEM.Instances.mlkem768_decapsulate private_key.f_value ciphertext.f_value in 
@@ -95,13 +95,16 @@ val decapsulate /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = res in + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32) + ) = + res + in let (ciphertext, shared_secret), valid = Spec.MLKEM.Instances.mlkem768_encapsulate public_key.f_value randomness in @@ -112,12 +115,12 @@ val encapsulate /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. /// This function returns an [`MlKem768KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (ensures fun res -> - let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = res in + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) = res in let (secret_key, public_key), valid = Spec.MLKEM.Instances.mlkem768_generate_keypair randomness in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index c9cb3fbc7..cd1c9a19a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst 
@@ -41,8 +41,8 @@ let ntt_at_layer_1_ let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -64,7 +64,7 @@ let ntt_at_layer_1_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) @@ -82,16 +82,16 @@ let ntt_at_layer_1_ #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 1 <: usize) <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 2 <: usize) <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 3 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 2 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 3 <: usize) <: i16) <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in - let zeta_i:usize = zeta_i +! sz 3 in + let zeta_i:usize = zeta_i +! mk_usize 3 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) 
@@ -122,8 +122,8 @@ let ntt_at_layer_2_ let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -145,7 +145,7 @@ let ntt_at_layer_2_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) @@ -163,14 +163,14 @@ let ntt_at_layer_2_ #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 1 <: usize) <: i16) <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) @@ -201,8 +201,8 @@ let ntt_at_layer_3_ let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ 
@@ -224,7 +224,7 @@ let ntt_at_layer_3_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) @@ -274,11 +274,11 @@ let ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) = - let step:usize = sz 1 <>! layer <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 128 >>! layer <: usize) (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -291,10 +291,10 @@ let ntt_at_layer_4_plus temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in - let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! sz 16 in - let step_vec:usize = step /! sz 16 in + let zeta_i:usize = zeta_i +! mk_usize 1 in + let offset:usize = (round *! step <: usize) *! mk_usize 2 in + let offset_vec:usize = offset /! mk_usize 16 in + let step_vec:usize = step /! mk_usize 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range offset_vec (offset_vec +! step_vec <: usize) @@ -357,10 +357,10 @@ let ntt_at_layer_7_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in + let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! mk_usize 2 in let _:Prims.unit = assert (v step == 8) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) step (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in 
@@ -378,7 +378,7 @@ let ntt_at_layer_7_ Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step <: usize ] <: v_Vector) - (-1600s) + (mk_i16 (-1600)) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { 
@@ -434,39 +434,52 @@ let ntt_binomially_sampled_ring_element let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = ntt_at_layer_7_ #v_Vector re in - let zeta_i:usize = sz 1 in + let zeta_i:usize = mk_usize 1 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 11207) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 6) (mk_usize 11207) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 11207 +! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 5) (mk_usize 11207 +! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 11207 +! (sz 2 *! sz 3328 <: usize) <: usize) + ntt_at_layer_4_plus #v_Vector + zeta_i + re + (mk_usize 4) + (mk_usize 11207 +! (mk_usize 2 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 11207 +! (sz 3 *! sz 3328 <: usize) <: usize) + ntt_at_layer_3_ #v_Vector + zeta_i + re + (mk_usize 11207 +! (mk_usize 3 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 11207 +! (sz 4 *! 
sz 3328 <: usize) <: usize) + ntt_at_layer_2_ #v_Vector + zeta_i + re + (mk_usize 11207 +! (mk_usize 4 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 11207 +! (sz 5 *! sz 3328 <: usize) <: usize) + ntt_at_layer_1_ #v_Vector + zeta_i + re + (mk_usize 11207 +! (mk_usize 5 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in 
@@ -492,45 +505,45 @@ let ntt_vector_u Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let zeta_i:usize = sz 0 in + let zeta_i:usize = mk_usize 0 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 7) (mk_usize 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 2 *! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 6) (mk_usize 2 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3 *! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 5) (mk_usize 3 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 4 *! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 4) (mk_usize 4 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 5 *! sz 3328 <: usize) + ntt_at_layer_3_ #v_Vector zeta_i re (mk_usize 5 *! 
mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 6 *! sz 3328 <: usize) + ntt_at_layer_2_ #v_Vector zeta_i re (mk_usize 6 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 7 *! sz 3328 <: usize) + ntt_at_layer_1_ #v_Vector zeta_i re (mk_usize 7 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 7f10c45bd..6bc63c08e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -133,8 +133,8 @@ val ntt_at_layer_4_plus (re_0 re_1: v_Vector) = (forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) - (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\ - (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v ((mk_i16 (-1600))))) /\ + (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 ((mk_i16 (-1600))) in (forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) - diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 98121e9f7..007fd524a 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -56,7 +56,7 @@ let add_error_reduce (myself error: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in @@ -70,7 +70,7 @@ let add_error_reduce Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (myself.f_coefficients.[ j ] <: v_Vector) - 1441s + (mk_i16 1441) in let myself:t_PolynomialRingElement v_Vector = { @@ -119,7 +119,7 @@ let add_message_error_reduce (myself message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun result temp_1_ -> let result:t_PolynomialRingElement v_Vector = result in @@ -133,7 +133,7 @@ let add_message_error_reduce Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (result.f_coefficients.[ i ] <: v_Vector) - 1441s + (mk_i16 1441) in let tmp:v_Vector = Libcrux_ml_kem.Vector.Traits.f_add #v_Vector @@ -187,7 +187,7 @@ let add_standard_error_reduce (myself error: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in 
@@ -248,7 +248,7 @@ let poly_barrett_reduce (myself: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in @@ -270,7 +270,7 @@ let poly_barrett_reduce <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) @@ -299,7 +299,7 @@ let subtract_reduce (myself b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun b temp_1_ -> let b:t_PolynomialRingElement v_Vector = b in @@ -313,7 +313,7 @@ let subtract_reduce Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (b.f_coefficients.[ i ] <: v_Vector) - 1441s + (mk_i16 1441) in let b:t_PolynomialRingElement v_Vector = { @@ -365,7 +365,7 @@ let impl_2__ZERO () <: v_Vector) - (sz 16) + (mk_usize 16) } <: t_PolynomialRingElement v_Vector @@ -385,7 +385,7 @@ let v_ZERO () <: v_Vector) - (sz 16) + (mk_usize 16) } <: t_PolynomialRingElement v_Vector @@ -399,7 +399,7 @@ let from_i16_array = let result:t_PolynomialRingElement v_Vector = v_ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun result temp_1_ -> let result:t_PolynomialRingElement v_Vector = result in 
@@ -418,8 +418,8 @@ let from_i16_array (Libcrux_ml_kem.Vector.Traits.f_from_i16_array #v_Vector #FStar.Tactics.Typeclasses.solve (a.[ { - Core.Ops.Range.f_start = i *! sz 16 <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! sz 16 <: usize + Core.Ops.Range.f_start = i *! mk_usize 16 <: usize; + Core.Ops.Range.f_end = (i +! mk_usize 1 <: usize) *! mk_usize 16 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -428,7 +428,7 @@ let from_i16_array <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) @@ -454,7 +454,7 @@ let ntt_multiply = let out:t_PolynomialRingElement v_Vector = v_ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun out temp_1_ -> let out:t_PolynomialRingElement v_Vector = out in @@ -474,14 +474,23 @@ let ntt_multiply #FStar.Tactics.Typeclasses.solve (myself.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) - (zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16) - (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16) - (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16) - (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16) + (zeta (mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) <: i16) + (zeta ((mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) +! mk_usize 1 <: usize + ) + <: + i16) + (zeta ((mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) +! mk_usize 2 <: usize + ) + <: + i16) + (zeta ((mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) +! mk_usize 3 <: usize + ) + <: + i16) <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) 
@@ -509,7 +518,7 @@ let add_to_ring_element (myself rhs: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_Vector (myself.f_coefficients <: t_Slice v_Vector) <: usize) (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in @@ -532,7 +541,7 @@ let add_to_ring_element <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index c64101d1e..dc4e784fd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti 
@@ -9,21 +9,30 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = +let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (mk_usize 128) = let _:Prims.unit = assert_norm (pow2 16 == 65536) in let list = [ - (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; - 962s; (-1202s); (-1474s); 1468s; 573s; (-1325s); 264s; 383s; (-829s); 1458s; (-1602s); (-130s); - (-681s); 1017s; 732s; 608s; (-1542s); 411s; (-205s); (-1571s); 1223s; 652s; (-552s); 1015s; - (-1293s); 1491s; (-282s); (-1544s); 516s; (-8s); (-320s); (-666s); (-1618s); (-1162s); 126s; - 1469s; (-853s); (-90s); (-271s); 830s; 107s; (-1421s); (-247s); (-951s); (-398s); 961s; - (-1508s); (-725s); 448s; (-1065s); 677s; (-1275s); (-1103s); 430s; 555s; 843s; (-1251s); 871s; - 1550s; 105s; 422s; 587s; 177s; (-235s); (-291s); (-460s); 1574s; 1653s; (-246s); 778s; 1159s; - (-147s); (-777s); 1483s; (-602s); 1119s; (-1590s); 644s; (-872s); 349s; 418s; 329s; (-156s); - (-75s); 817s; 1097s; 603s; 610s; 1322s; (-1285s); (-1465s); 384s; (-1215s); (-136s); 1218s; - (-1335s); (-874s); 220s; (-1187s); (-1659s); (-1185s); (-1530s); (-1278s); 794s; (-1510s); - (-854s); (-870s); 478s; (-108s); (-308s); 996s; 991s; 958s; (-1460s); 1522s; 1628s + mk_i16 (-1044); mk_i16 (-758); mk_i16 (-359); mk_i16 (-1517); mk_i16 1493; mk_i16 1422; + mk_i16 287; mk_i16 202; mk_i16 (-171); mk_i16 622; mk_i16 1577; mk_i16 182; mk_i16 962; + mk_i16 (-1202); mk_i16 (-1474); mk_i16 1468; mk_i16 573; mk_i16 (-1325); mk_i16 264; + mk_i16 383; mk_i16 (-829); mk_i16 1458; mk_i16 (-1602); mk_i16 (-130); mk_i16 (-681); + mk_i16 1017; mk_i16 732; mk_i16 608; mk_i16 (-1542); mk_i16 411; mk_i16 (-205); mk_i16 (-1571); + mk_i16 1223; mk_i16 652; mk_i16 (-552); mk_i16 1015; mk_i16 (-1293); mk_i16 1491; + mk_i16 (-282); mk_i16 (-1544); mk_i16 516; mk_i16 (-8); mk_i16 (-320); mk_i16 (-666); + mk_i16 (-1618); mk_i16 (-1162); mk_i16 126; mk_i16 1469; mk_i16 (-853); mk_i16 (-90); + 
mk_i16 (-271); mk_i16 830; mk_i16 107; mk_i16 (-1421); mk_i16 (-247); mk_i16 (-951); + mk_i16 (-398); mk_i16 961; mk_i16 (-1508); mk_i16 (-725); mk_i16 448; mk_i16 (-1065); + mk_i16 677; mk_i16 (-1275); mk_i16 (-1103); mk_i16 430; mk_i16 555; mk_i16 843; mk_i16 (-1251); + mk_i16 871; mk_i16 1550; mk_i16 105; mk_i16 422; mk_i16 587; mk_i16 177; mk_i16 (-235); + mk_i16 (-291); mk_i16 (-460); mk_i16 1574; mk_i16 1653; mk_i16 (-246); mk_i16 778; mk_i16 1159; + mk_i16 (-147); mk_i16 (-777); mk_i16 1483; mk_i16 (-602); mk_i16 1119; mk_i16 (-1590); + mk_i16 644; mk_i16 (-872); mk_i16 349; mk_i16 418; mk_i16 329; mk_i16 (-156); mk_i16 (-75); + mk_i16 817; mk_i16 1097; mk_i16 603; mk_i16 610; mk_i16 1322; mk_i16 (-1285); mk_i16 (-1465); + mk_i16 384; mk_i16 (-1215); mk_i16 (-136); mk_i16 1218; mk_i16 (-1335); mk_i16 (-874); + mk_i16 220; mk_i16 (-1187); mk_i16 (-1659); mk_i16 (-1185); mk_i16 (-1530); mk_i16 (-1278); + mk_i16 794; mk_i16 (-1510); mk_i16 (-854); mk_i16 (-870); mk_i16 478; mk_i16 (-108); + mk_i16 (-308); mk_i16 996; mk_i16 991; mk_i16 958; mk_i16 (-1460); mk_i16 1522; mk_i16 1628 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); @@ -31,7 +40,7 @@ let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = val zeta (i: usize) : Prims.Pure i16 - (requires i <. sz 128) + (requires i <. mk_usize 128) (ensures fun result -> let result:i16 = result in @@ -43,7 +52,7 @@ let v_VECTORS_IN_RING_ELEMENT: usize = type t_PolynomialRingElement (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { f_coefficients:t_Array v_Vector (sz 16) } + = { f_coefficients:t_Array v_Vector (mk_usize 16) } let to_spec_poly_t (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} 
@@ -154,7 +163,8 @@ val from_i16_array (a: t_Slice i16) : Prims.Pure (t_PolynomialRingElement v_Vector) (requires - (v_VECTORS_IN_RING_ELEMENT *! sz 16 <: usize) <=. (Core.Slice.impl__len #i16 a <: usize)) + (v_VECTORS_IN_RING_ELEMENT *! mk_usize 16 <: usize) <=. + (Core.Slice.impl__len #i16 a <: usize)) (fun _ -> Prims.l_True) val impl_2__from_i16_array @@ -163,7 +173,8 @@ val impl_2__from_i16_array (a: t_Slice i16) : Prims.Pure (t_PolynomialRingElement v_Vector) (requires - (v_VECTORS_IN_RING_ELEMENT *! sz 16 <: usize) <=. (Core.Slice.impl__len #i16 a <: usize)) + (v_VECTORS_IN_RING_ELEMENT *! mk_usize 16 <: usize) <=. + (Core.Slice.impl__len #i16 a <: usize)) (fun _ -> Prims.l_True) /// Given two `KyberPolynomialRingElement`s in their NTT representations, diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index c50a5c96b..8dc7807f5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst 
@@ -18,35 +18,39 @@ let sample_from_uniform_distribution_next Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) - (out: t_Array (t_Array i16 (sz 272)) v_K) + (out: t_Array (t_Array i16 (mk_usize 272)) v_K) = - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun temp_0_ temp_1_ -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & + t_Array usize v_K) = temp_0_ in let _:usize = temp_1_ in true) - (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (out, sampled_coefficients <: (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & + t_Array usize v_K) = temp_0_ in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) - (v_N /! sz 24 <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (v_N /! 
mk_usize 24 <: usize) (fun temp_0_ temp_1_ -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) = temp_0_ in let _:usize = temp_1_ in true) - (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (out, sampled_coefficients + <: + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) = temp_0_ in 
@@ -61,41 +65,43 @@ let sample_from_uniform_distribution_next Libcrux_ml_kem.Vector.Traits.f_rej_sample #v_Vector #FStar.Tactics.Typeclasses.solve ((randomness.[ i ] <: t_Array u8 v_N).[ { - Core.Ops.Range.f_start = r *! sz 24 <: usize; - Core.Ops.Range.f_end = (r *! sz 24 <: usize) +! sz 24 <: usize + Core.Ops.Range.f_start = r *! mk_usize 24 <: usize; + Core.Ops.Range.f_end + = + (r *! mk_usize 24 <: usize) +! mk_usize 24 <: usize } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) - ((out.[ i ] <: t_Array i16 (sz 272)).[ { + ((out.[ i ] <: t_Array i16 (mk_usize 272)).[ { Core.Ops.Range.f_start = sampled_coefficients.[ i ] <: usize; Core.Ops.Range.f_end = - (sampled_coefficients.[ i ] <: usize) +! sz 16 <: usize + (sampled_coefficients.[ i ] <: usize) +! mk_usize 16 <: usize } <: Core.Ops.Range.t_Range usize ] <: t_Slice i16) in - let out:t_Array (t_Array i16 (sz 272)) v_K = + let out:t_Array (t_Array i16 (mk_usize 272)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i (Rust_primitives.Hax.Monomorphized_update_at.update_at_range (out.[ i ] <: - t_Array i16 (sz 272)) + t_Array i16 (mk_usize 272)) ({ Core.Ops.Range.f_start = sampled_coefficients.[ i ] <: usize; Core.Ops.Range.f_end = - (sampled_coefficients.[ i ] <: usize) +! sz 16 <: usize + (sampled_coefficients.[ i ] <: usize) +! mk_usize 16 <: usize } <: Core.Ops.Range.t_Range usize) tmp0 <: - t_Array i16 (sz 272)) + t_Array i16 (mk_usize 272)) in let sampled:usize = out1 in let sampled_coefficients:t_Array usize v_K = 
@@ -105,17 +111,17 @@ let sample_from_uniform_distribution_next in out, sampled_coefficients <: - (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) else out, sampled_coefficients <: - (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) <: - (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun temp_0_ temp_1_ -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -142,7 +148,7 @@ let sample_from_uniform_distribution_next let hax_temp_output:bool = done in sampled_coefficients, out, hax_temp_output <: - (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) + (t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) #push-options "--admit_smt_queries true" 
@@ -155,13 +161,16 @@ let sample_from_xof (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (seeds: t_Array (t_Array u8 (sz 34)) v_K) + (seeds: t_Array (t_Array u8 (mk_usize 34)) v_K) = let (sampled_coefficients: t_Array usize v_K):t_Array usize v_K = - Rust_primitives.Hax.repeat (sz 0) v_K + Rust_primitives.Hax.repeat (mk_usize 0) v_K in - let (out: t_Array (t_Array i16 (sz 272)) v_K):t_Array (t_Array i16 (sz 272)) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K + let (out: t_Array (t_Array i16 (mk_usize 272)) v_K):t_Array (t_Array i16 (mk_usize 272)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 272) + <: + t_Array i16 (mk_usize 272)) + v_K in let xof_state:v_Hasher = Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb_final #v_Hasher 
@@ -169,25 +178,31 @@ let sample_from_xof #FStar.Tactics.Typeclasses.solve seeds in - let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) = + let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (mk_usize 504)) v_K) = Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_first_three_blocks #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve xof_state in let xof_state:v_Hasher = tmp0 in - let randomness:t_Array (t_Array u8 (sz 504)) v_K = out1 in - let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = - sample_from_uniform_distribution_next #v_Vector v_K (sz 504) randomness sampled_coefficients out + let randomness:t_Array (t_Array u8 (mk_usize 504)) v_K = out1 in + let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) = + sample_from_uniform_distribution_next #v_Vector + v_K + (mk_usize 504) + randomness + sampled_coefficients + out in let sampled_coefficients:t_Array usize v_K = tmp0 in - let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in + let out:t_Array (t_Array i16 (mk_usize 272)) v_K = tmp1 in let done:bool = out1 in - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = Rust_primitives.f_while_loop (fun temp_0_ -> - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & + t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = temp_0_ 
@@ -195,44 +210,46 @@ let sample_from_xof ~.done <: bool) (done, out, sampled_coefficients, xof_state <: - (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) + (bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher)) (fun temp_0_ -> - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & + t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = temp_0_ in - let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) = + let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (mk_usize 168)) v_K) = Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_next_block #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve xof_state in let xof_state:v_Hasher = tmp0 in - let randomness:t_Array (t_Array u8 (sz 168)) v_K = out1 in - let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = + let randomness:t_Array (t_Array u8 (mk_usize 168)) v_K = out1 in + let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) + = sample_from_uniform_distribution_next #v_Vector v_K - (sz 168) + (mk_usize 168) randomness sampled_coefficients out in let sampled_coefficients:t_Array usize v_K = tmp0 in - let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in + let out:t_Array (t_Array i16 (mk_usize 272)) v_K = tmp1 in let done:bool = out1 in done, out, sampled_coefficients, xof_state <: - (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) + (bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher)) in - Core.Array.impl_23__map #(t_Array i16 (sz 272)) + Core.Array.impl_23__map #(t_Array i16 (mk_usize 272)) v_K #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) out (fun s -> - let s:t_Array i16 (sz 272) = s in + let s:t_Array i16 (mk_usize 272) = s in Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector - (s.[ { 
Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 } + (s.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 256 } <: Core.Ops.Range.t_Range usize ] <: 
@@ -255,67 +272,72 @@ let sample_from_binomial_distribution_2_ assert (v (sz 2 *! sz 64) == 128); assert (Seq.length randomness == 128) in - let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in - let sampled_i16s:t_Array i16 (sz 256) = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 256) + in + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 4) randomness (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:usize = temp_1_ in true) sampled_i16s (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u32: u32):u32 = - (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. - ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in + let even_bits:u32 = random_bits_as_u32 &. mk_u32 1431655765 in + let odd_bits:u32 = (random_bits_as_u32 >>! mk_i32 1 <: u32) &. mk_u32 1431655765 in let _:Prims.unit = - logand_lemma random_bits_as_u32 1431655765ul; - logand_lemma (random_bits_as_u32 >>! 1l) 1431655765ul + logand_lemma random_bits_as_u32 (mk_u32 1431655765); + logand_lemma (random_bits_as_u32 >>! (mk_i32 1)) (mk_u32 1431655765) in let coin_toss_outcomes:u32 = even_bits +! 
odd_bits in - Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Rust_primitives.Hax.Folds.fold_range_step_by (mk_u32 0) Core.Num.impl__u32__BITS - (sz 4) + (mk_usize 4) (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:u32 = temp_1_ in true) sampled_i16s (fun sampled_i16s outcome_set -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let outcome_set:u32 = outcome_set in let outcome_1_:i16 = - cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i16 + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. mk_u32 3 <: u32) <: i16 in let outcome_2_:i16 = - cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) + cast ((coin_toss_outcomes >>! (outcome_set +! mk_u32 2 <: u32) <: u32) &. mk_u32 3 + <: + u32) <: i16 in let _:Prims.unit = - logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul; - logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul; + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) (mk_u32 3); + logand_lemma (coin_toss_outcomes >>! (outcome_set +! (mk_u32 2) <: u32) <: u32) + (mk_u32 3); assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3); assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3); assert (v chunk_number <= 31); assert (v (sz 8 *! chunk_number <: usize) <= 248); - assert (v (cast (outcome_set >>! 2l <: u32) <: usize) <= 7) + assert (v (cast (outcome_set >>! (mk_i32 2) <: u32) <: usize) <= 7) in - let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in - let sampled_i16s:t_Array i16 (sz 256) = + let offset:usize = cast (outcome_set >>! mk_i32 2 <: u32) <: usize in + let sampled_i16s:t_Array i16 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s - ((sz 8 *! chunk_number <: usize) +! offset <: usize) + ((mk_usize 8 *! chunk_number <: usize) +! 
offset <: usize) (outcome_1_ -! outcome_2_ <: i16) in sampled_i16s)) 
@@ -337,66 +359,71 @@ let sample_from_binomial_distribution_3_ assert (v (sz 3 *! sz 64) == 192); assert (Seq.length randomness == 192) in - let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in - let sampled_i16s:t_Array i16 (sz 256) = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 256) + in + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 3) randomness (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:usize = temp_1_ in true) sampled_i16s (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u24: u32):u32 = - ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. - ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in - let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in + let first_bits:u32 = random_bits_as_u24 &. mk_u32 2396745 in + let second_bits:u32 = (random_bits_as_u24 >>! mk_i32 1 <: u32) &. mk_u32 2396745 in + let third_bits:u32 = (random_bits_as_u24 >>! mk_i32 2 <: u32) &. mk_u32 2396745 in let _:Prims.unit = - logand_lemma random_bits_as_u24 2396745ul; - logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul; - logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul + logand_lemma random_bits_as_u24 (mk_u32 2396745); + logand_lemma (random_bits_as_u24 >>! (mk_i32 1) <: u32) (mk_u32 2396745); + logand_lemma (random_bits_as_u24 >>! (mk_i32 2) <: u32) (mk_u32 2396745) in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! 
third_bits in - Rust_primitives.Hax.Folds.fold_range_step_by 0l - 24l - (sz 6) + Rust_primitives.Hax.Folds.fold_range_step_by (mk_i32 0) + (mk_i32 24) + (mk_usize 6) (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:i32 = temp_1_ in true) sampled_i16s (fun sampled_i16s outcome_set -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let outcome_set:i32 = outcome_set in let outcome_1_:i16 = - cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i16 + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. mk_u32 7 <: u32) <: i16 in let outcome_2_:i16 = - cast ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32) + cast ((coin_toss_outcomes >>! (outcome_set +! mk_i32 3 <: i32) <: u32) &. mk_u32 7 + <: + u32) <: i16 in let _:Prims.unit = - logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul; - logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul; + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) (mk_u32 7); + logand_lemma (coin_toss_outcomes >>! (outcome_set +! (mk_i32 3) <: i32) <: u32) + (mk_u32 7); assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7); assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7); assert (v chunk_number <= 63); assert (v (sz 4 *! chunk_number <: usize) <= 252); - assert (v (cast (outcome_set /! 6l <: i32) <: usize) <= 3) + assert (v (cast (outcome_set /! (mk_i32 6) <: i32) <: usize) <= 3) in - let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in - let sampled_i16s:t_Array i16 (sz 256) = + let offset:usize = cast (outcome_set /! mk_i32 6 <: i32) <: usize in + let sampled_i16s:t_Array i16 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s - ((sz 4 *! chunk_number <: usize) +! offset <: usize) + ((mk_usize 4 *! chunk_number <: usize) +! 
offset <: usize) (outcome_1_ -! outcome_2_ <: i16) in sampled_i16s)) @@ -416,8 +443,8 @@ let sample_from_binomial_distribution let _:Prims.unit = assert ((v (cast v_ETA <: u32) == 2) \/ (v (cast v_ETA <: u32) == 3)) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = match cast (v_ETA <: usize) <: u32 with - | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness - | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness + | Rust_primitives.Integers.MkInt 2 -> sample_from_binomial_distribution_2_ #v_Vector randomness + | Rust_primitives.Integers.MkInt 3 -> sample_from_binomial_distribution_3_ #v_Vector randomness | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index ecaa33053..a1d36d0f0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -49,8 +49,8 @@ val sample_from_uniform_distribution_next {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) - (out: t_Array (t_Array i16 (sz 272)) v_K) - : Prims.Pure (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) + (out: t_Array (t_Array i16 (mk_usize 272)) v_K) + : Prims.Pure (t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) Prims.l_True (fun _ -> Prims.l_True) 
@@ -59,7 +59,7 @@ val sample_from_xof (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (seeds: t_Array (t_Array u8 (sz 34)) v_K) + (seeds: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -107,7 +107,8 @@ val sample_from_binomial_distribution_2_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 2 *! sz 64 <: usize)) + (requires + (Core.Slice.impl__len #u8 randomness <: usize) =. (mk_usize 2 *! mk_usize 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_binomial_distribution_3_ @@ -115,7 +116,8 @@ val sample_from_binomial_distribution_3_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 3 *! sz 64 <: usize)) + (requires + (Core.Slice.impl__len #u8 randomness <: usize) =. (mk_usize 3 *! mk_usize 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_binomial_distribution @@ -125,8 +127,8 @@ val sample_from_binomial_distribution (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires - (v_ETA =. sz 2 || v_ETA =. sz 3) && - (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! sz 64 <: usize)) + (v_ETA =. mk_usize 2 || v_ETA =. mk_usize 3) && + (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! mk_usize 64 <: usize)) (ensures fun result -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index d24b6539c..efc779ddb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -35,7 +35,7 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 20) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -60,7 +60,7 @@ let deserialize_then_decompress_10_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 10l + (mk_i32 10) coefficient <: v_Vector) @@ -88,7 +88,7 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 22) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -113,7 +113,7 @@ let deserialize_then_decompress_11_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 11l + (mk_i32 11) coefficient <: v_Vector) 
@@ -141,7 +141,7 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 8) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -166,7 +166,7 @@ let deserialize_then_decompress_4_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 4l + (mk_i32 4) coefficient <: v_Vector) @@ -194,7 +194,7 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 10) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -231,7 +231,7 @@ let deserialize_then_decompress_5_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 5l + (mk_i32 5) (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -250,14 +250,14 @@ let deserialize_then_decompress_message (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (serialized: t_Array u8 (sz 32)) + (serialized: t_Array u8 (mk_usize 32)) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in 
@@ -270,8 +270,8 @@ let deserialize_then_decompress_message Libcrux_ml_kem.Vector.Traits.f_deserialize_1_ #v_Vector #FStar.Tactics.Typeclasses.solve (serialized.[ { - Core.Ops.Range.f_start = sz 2 *! i <: usize; - Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + Core.Ops.Range.f_start = mk_usize 2 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 2 *! i <: usize) +! mk_usize 2 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -313,8 +313,8 @@ let deserialize_then_decompress_ring_element_u in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> deserialize_then_decompress_10_ #v_Vector serialized - | 11ul -> deserialize_then_decompress_11_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 10 -> deserialize_then_decompress_10_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 11 -> deserialize_then_decompress_11_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -338,8 +338,8 @@ let deserialize_then_decompress_ring_element_v in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> deserialize_then_decompress_4_ #v_Vector serialized - | 5ul -> deserialize_then_decompress_5_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 4 -> deserialize_then_decompress_4_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 5 -> deserialize_then_decompress_5_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
@@ -361,7 +361,7 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 24) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -476,7 +476,7 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 24) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -499,7 +499,7 @@ let deserialize_to_uncompressed_ring_element <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -517,9 +517,9 @@ let compress_then_serialize_10_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = assert_norm (pow2 10 == 1024) in - let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in 
@@ -537,13 +537,13 @@ let compress_then_serialize_10_ let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 10l + (mk_i32 10) (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 20) = + let bytes:t_Array u8 (mk_usize 20) = Libcrux_ml_kem.Vector.Traits.f_serialize_10_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient @@ -551,15 +551,15 @@ let compress_then_serialize_10_ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 20 *! i <: usize; - Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize + Core.Ops.Range.f_start = mk_usize 20 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 20 *! i <: usize) +! mk_usize 20 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 20 *! i <: usize; - Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize + Core.Ops.Range.f_start = mk_usize 20 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 20 *! i <: usize) +! mk_usize 20 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -585,9 +585,9 @@ let compress_then_serialize_11_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized temp_1_ -> let serialized:t_Array u8 v_OUT_LEN = serialized in 
@@ -600,13 +600,13 @@ let compress_then_serialize_11_ let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 11l + (mk_i32 11) (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 22) = + let bytes:t_Array u8 (mk_usize 22) = Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient @@ -614,15 +614,15 @@ let compress_then_serialize_11_ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 22 *! i <: usize; - Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize + Core.Ops.Range.f_start = mk_usize 22 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 22 *! i <: usize) +! mk_usize 22 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 22 *! i <: usize; - Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize + Core.Ops.Range.f_start = mk_usize 22 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 22 *! i <: usize) +! mk_usize 22 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -648,7 +648,7 @@ let compress_then_serialize_4_ = let _:Prims.unit = assert_norm (pow2 4 == 16) in let serialized, result:(t_Slice u8 & Prims.unit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> let serialized:t_Slice u8 = serialized in 
@@ -667,13 +667,13 @@ let compress_then_serialize_4_ let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 4l + (mk_i32 4) (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 8) = + let bytes:t_Array u8 (mk_usize 8) = Libcrux_ml_kem.Vector.Traits.f_serialize_4_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient @@ -681,15 +681,15 @@ let compress_then_serialize_4_ let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 8 *! i <: usize; - Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize + Core.Ops.Range.f_start = mk_usize 8 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 8 *! i <: usize) +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 8 *! i <: usize; - Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize + Core.Ops.Range.f_start = mk_usize 8 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 8 *! i <: usize) +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -719,7 +719,7 @@ let compress_then_serialize_5_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -732,13 +732,13 @@ let compress_then_serialize_5_ let coefficients:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 5l + (mk_i32 5) (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 10) = + let bytes:t_Array u8 (mk_usize 10) = Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficients @@ -746,15 +746,15 @@ let compress_then_serialize_5_ let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 10 *! i <: usize; - Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize + Core.Ops.Range.f_start = mk_usize 10 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 10 *! i <: usize) +! mk_usize 10 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 10 *! i <: usize; - Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize + Core.Ops.Range.f_start = mk_usize 10 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 10 *! i <: usize) +! mk_usize 10 <: usize } <: Core.Ops.Range.t_Range usize ] 
@@ -777,17 +777,17 @@ let compress_then_serialize_message Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let serialized:t_Array u8 (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let serialized:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun serialized i -> - let serialized:t_Array u8 (sz 32) = serialized in + let serialized:t_Array u8 (mk_usize 32) = serialized in let i:usize = i in v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> - let serialized:t_Array u8 (sz 32) = serialized in + let serialized:t_Array u8 (mk_usize 32) = serialized in let i:usize = i in let _:Prims.unit = assert (2 * v i + 2 <= 32) in let _:Prims.unit = 
@@ -803,23 +803,23 @@ let compress_then_serialize_message #FStar.Tactics.Typeclasses.solve coefficient in - let bytes:t_Array u8 (sz 2) = + let bytes:t_Array u8 (mk_usize 2) = Libcrux_ml_kem.Vector.Traits.f_serialize_1_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient_compressed in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 2 *! i <: usize; - Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + Core.Ops.Range.f_start = mk_usize 2 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 2 *! i <: usize) +! mk_usize 2 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 2 *! i <: usize; - Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + Core.Ops.Range.f_start = mk_usize 2 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 2 *! i <: usize) +! mk_usize 2 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -831,7 +831,7 @@ let compress_then_serialize_message in serialized) in - let result:t_Array u8 (sz 32) = serialized in + let result:t_Array u8 (mk_usize 32) = serialized in let _:Prims.unit = admit () (* Panic freedom *) in result 
@@ -845,13 +845,12 @@ let compress_then_serialize_ring_element_u = let _:Prims.unit = assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/ - (v (cast v_COMPRESSION_FACTOR <: u32) == 11)); - Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR) + (v (cast v_COMPRESSION_FACTOR <: u32) == 11)) in let result:t_Array u8 v_OUT_LEN = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re - | 11ul -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re + | Rust_primitives.Integers.MkInt 10 -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re + | Rust_primitives.Integers.MkInt 11 -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -872,13 +871,14 @@ let compress_then_serialize_ring_element_v = let _:Prims.unit = assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 4) \/ - (v (cast v_COMPRESSION_FACTOR <: u32) == 5)); - Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR) + (v (cast v_COMPRESSION_FACTOR <: u32) == 5)) in let out, result:(t_Slice u8 & Prims.unit) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) - | 5ul -> compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) + | Rust_primitives.Integers.MkInt 4 -> + compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) + | Rust_primitives.Integers.MkInt 5 -> + compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) | _ -> out, Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
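Review bot: Both hunks here drop `Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR)` from the assertion prelude of `compress_then_serialize_ring_element_u` and `compress_then_serialize_ring_element_v`, at the same time as the match on `cast (v_COMPRESSION_FACTOR <: usize) <: u32` switches from `10ul`/`11ul` (resp. `4ul`/`5ul`) literals to `Rust_primitives.Integers.MkInt 10` constructor patterns. The lemma was presumably what let the checker connect the `v (cast ...) == 10 \/ ... == 11` assertion to the literal patterns, so that the `| _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic ...)` arm is provably unreachable; with constructor patterns that link may indeed be direct, but if these modules are currently checked in lax mode the removal would not be caught if it breaks full verification, so it is worth confirming both functions still verify with lax checking off. If the lemma turns out to still be needed, restoring it is a one-line change inside the `let _:Prims.unit = ... in` block: `Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR)`. The `deserialize_then_decompress_ring_element_u`/`_v` hunks above make the same `MkInt` pattern switch without any lemma in the first place, which suggests the removal is intentional rather than accidental.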
@@ -900,17 +900,17 @@ let serialize_uncompressed_ring_element (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = assert_norm (pow2 12 == 4096) in - let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let serialized:t_Array u8 (mk_usize 384) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 384) in + let serialized:t_Array u8 (mk_usize 384) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> - let serialized:t_Array u8 (sz 384) = serialized in + let serialized:t_Array u8 (mk_usize 384) = serialized in let i:usize = i in v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> - let serialized:t_Array u8 (sz 384) = serialized in + let serialized:t_Array u8 (mk_usize 384) = serialized in let i:usize = i in let _:Prims.unit = assert (24 * v i + 24 <= 384) in let _:Prims.unit = 
@@ -921,23 +921,23 @@ let serialize_uncompressed_ring_element to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) in - let bytes:t_Array u8 (sz 24) = + let bytes:t_Array u8 (mk_usize 24) = Libcrux_ml_kem.Vector.Traits.f_serialize_12_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient in - let serialized:t_Array u8 (sz 384) = + let serialized:t_Array u8 (mk_usize 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 24 *! i <: usize; - Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize + Core.Ops.Range.f_start = mk_usize 24 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 24 *! i <: usize) +! mk_usize 24 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 24 *! i <: usize; - Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize + Core.Ops.Range.f_start = mk_usize 24 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 24 *! i <: usize) +! mk_usize 24 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -949,6 +949,6 @@ let serialize_uncompressed_ring_element in serialized) in - let result:t_Array u8 (sz 384) = serialized in + let result:t_Array u8 (mk_usize 384) = serialized in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index ba52b97a2..3056620bf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti 
@@ -43,7 +43,7 @@ val deserialize_then_decompress_10_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 320) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 320) (fun _ -> Prims.l_True) val deserialize_then_decompress_11_ @@ -51,7 +51,7 @@ val deserialize_then_decompress_11_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 352) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 352) (fun _ -> Prims.l_True) val deserialize_then_decompress_4_ @@ -59,7 +59,7 @@ val deserialize_then_decompress_4_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 128) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 128) (fun _ -> Prims.l_True) val deserialize_then_decompress_5_ @@ -67,13 +67,13 @@ val deserialize_then_decompress_5_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 160) (fun _ -> Prims.l_True) val deserialize_then_decompress_message (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - (serialized: t_Array u8 (sz 32)) + (serialized: t_Array u8 (mk_usize 32)) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (ensures 
@@ -89,8 +89,9 @@ val deserialize_then_decompress_ring_element_u (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires - (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && - (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize)) + (v_COMPRESSION_FACTOR =. mk_usize 10 || v_COMPRESSION_FACTOR =. mk_usize 11) && + (Core.Slice.impl__len #u8 serialized <: usize) =. + (mk_usize 32 *! v_COMPRESSION_FACTOR <: usize)) (ensures fun result -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -212,7 +213,7 @@ val compress_then_serialize_5_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 160) (ensures fun serialized_future -> let serialized_future:t_Slice u8 = serialized_future in @@ -222,11 +223,11 @@ val compress_then_serialize_message (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires coefficients_field_modulus_range re) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.MLKEM.compress_then_encode_message (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re)) 
@@ -271,10 +272,10 @@ val serialize_uncompressed_ring_element (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 384)) + : Prims.Pure (t_Array u8 (mk_usize 384)) (requires coefficients_field_modulus_range re) (ensures fun result -> - let result:t_Array u8 (sz 384) = result in + let result:t_Array u8 (mk_usize 384) = result in result == Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 900372fd8..6591bf67f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -267,7 +267,7 @@ let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) = f_default = fun (_: Prims.unit) -> - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MlKemCiphertext v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -278,7 +278,7 @@ let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) = f_default = fun (_: Prims.unit) -> - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MlKemPrivateKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -289,7 +289,7 @@ let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) = f_default = fun (_: Prims.unit) -> - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MlKemPublicKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst index 84b152b40..2626fbf08 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -5,18 +5,24 @@ open FStar.Mul #push-options "--z3rlimit 200" -let prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8) = +let prf_input_inc + (v_K: usize) + (prf_inputs: t_Array (t_Array u8 (mk_usize 33)) v_K) + (domain_separator: u8) + = let v__domain_separator_init:u8 = domain_separator in - let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K = - Core.Clone.f_clone #(t_Array (t_Array u8 (sz 33)) v_K) + let v__prf_inputs_init:t_Array (t_Array u8 (mk_usize 33)) v_K = + Core.Clone.f_clone #(t_Array (t_Array u8 (mk_usize 33)) v_K) #FStar.Tactics.Typeclasses.solve prf_inputs in - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun temp_0_ i -> - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) = + temp_0_ + in let i:usize = i in v domain_separator == v v__domain_separator_init + v i /\ (v i < v v_K ==> 
@@ -27,42 +33,44 @@ let prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (d v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\ Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index v__prf_inputs_init j) 0 32)) - (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (mk_usize 33)) v_K)) (fun temp_0_ i -> - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) = + temp_0_ + in let i:usize = i in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = + let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs i (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] <: - t_Array u8 (sz 33)) - (sz 32) + t_Array u8 (mk_usize 33)) + (mk_usize 32) domain_separator <: - t_Array u8 (sz 33)) + t_Array u8 (mk_usize 33)) in - let domain_separator:u8 = domain_separator +! 1uy in - domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + let domain_separator:u8 = domain_separator +! 
mk_u8 1 in + domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (mk_usize 33)) v_K)) in let hax_temp_output:u8 = domain_separator in - prf_inputs, hax_temp_output <: (t_Array (t_Array u8 (sz 33)) v_K & u8) + prf_inputs, hax_temp_output <: (t_Array (t_Array u8 (mk_usize 33)) v_K & u8) #pop-options let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = - let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_LEN in let out:t_Array u8 v_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: @@ -76,7 +84,7 @@ let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = let _:Prims.unit = assert (Seq.slice out 0 (Seq.length slice) == slice) in let _:Prims.unit = assert (Seq.slice out (Seq.length slice) (v v_LEN) == - Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN)) + Seq.slice (Seq.create (v v_LEN) (mk_u8 0)) (Seq.length slice) (v v_LEN)) in let _:Prims.unit = assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i) @@ -88,6 +96,6 @@ let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice)) in let _:Prims.unit = - Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy)) + Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) (mk_u8 0))) in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index 033a1e9d3..a6184c2a2 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -3,12 +3,15 @@ module Libcrux_ml_kem.Utils open Core open FStar.Mul -val prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8) - : Prims.Pure (t_Array (t_Array u8 (sz 33)) v_K & u8) +val prf_input_inc + (v_K: usize) + (prf_inputs: t_Array (t_Array u8 (mk_usize 33)) v_K) + (domain_separator: u8) + : Prims.Pure (t_Array (t_Array u8 (mk_usize 33)) v_K & u8) (requires range (v domain_separator + v v_K) u8_inttype) (ensures fun temp_0_ -> - let prf_inputs_future, ds:(t_Array (t_Array u8 (sz 33)) v_K & u8) = temp_0_ in + let prf_inputs_future, ds:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = temp_0_ in v ds == v domain_separator + v v_K /\ (forall (i: nat). i < v v_K ==> @@ -23,5 +26,5 @@ val into_padded_array (v_LEN: usize) (slice: t_Slice u8) (ensures fun result -> let result:t_Array u8 v_LEN = result in - result == Seq.append slice (Seq.create (v v_LEN - v (Core.Slice.impl__len #u8 slice)) 0uy) - ) + result == + Seq.append slice (Seq.create (v v_LEN - v (Core.Slice.impl__len #u8 slice)) (mk_u8 0))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst index dcdeb0041..70a8e991a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst @@ -24,7 +24,7 @@ let impl: t_Variant t_MlKem = (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) -> - (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32); + (Core.Slice.impl__len #u8 shared_secret <: usize) =. mk_usize 32); f_kdf_post = (fun 
@@ -36,7 +36,7 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - (res: t_Array u8 (sz 32)) + (res: t_Array u8 (mk_usize 32)) -> res == shared_secret); f_kdf @@ -51,8 +51,8 @@ let impl: t_Variant t_MlKem = (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let out:t_Array u8 (mk_usize 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in out); f_entropy_preprocess_pre = @@ -64,7 +64,7 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) -> - (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32); + (Core.Slice.impl__len #u8 randomness <: usize) =. mk_usize 32); f_entropy_preprocess_post = (fun @@ -74,7 +74,7 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) - (res: t_Array u8 (sz 32)) + (res: t_Array u8 (mk_usize 32)) -> res == randomness); f_entropy_preprocess @@ -87,8 +87,8 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let out:t_Array u8 (mk_usize 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in out); f_cpa_keygen_seed_pre = 
@@ -100,7 +100,7 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) -> - (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32); + (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. mk_usize 32); f_cpa_keygen_seed_post = (fun @@ -110,7 +110,7 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) - (res: t_Array u8 (sz 64)) + (res: t_Array u8 (mk_usize 64)) -> Seq.length key_generation_seed == 32 ==> res == Spec.Utils.v_G (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8)))); @@ -124,18 +124,18 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) -> - let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in - let seed:t_Array u8 (sz 33) = + let seed:t_Array u8 (mk_usize 33) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 33) in + let seed:t_Array u8 (mk_usize 33) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (seed.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE @@ -148,7 +148,7 @@ let impl: t_Variant t_MlKem = <: t_Slice u8) in - let seed:t_Array u8 (sz 33) = + let seed:t_Array u8 (mk_usize 33) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE (cast (v_K <: usize) <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti index 9f3dc29f3..205a8a1fa 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti @@ -29,7 +29,7 @@ class t_Variant (v_Self: Type0) = { {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> shared_secret: t_Slice u8 -> ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. mk_usize 32 ==> pred}; f_kdf_post: v_K: usize -> v_CIPHERTEXT_SIZE: usize -> @@ -37,7 +37,7 @@ class t_Variant (v_Self: Type0) = { {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> shared_secret: t_Slice u8 -> ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> - res: t_Array u8 (sz 32) + res: t_Array u8 (mk_usize 32) -> pred: Type0{pred ==> res == shared_secret}; f_kdf: v_K: usize -> @@ -46,7 +46,7 @@ class t_Variant (v_Self: Type0) = { {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> x0: t_Slice u8 -> x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); f_entropy_preprocess_pre: 
@@ -54,20 +54,20 @@ class t_Variant (v_Self: Type0) = { #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> randomness: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. mk_usize 32 ==> pred}; f_entropy_preprocess_post: v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> randomness: t_Slice u8 -> - res: t_Array u8 (sz 32) + res: t_Array u8 (mk_usize 32) -> pred: Type0{pred ==> res == randomness}; f_entropy_preprocess: v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result); f_cpa_keygen_seed_pre: @@ -75,13 +75,13 @@ class t_Variant (v_Self: Type0) = { #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> seed: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. sz 32 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. mk_usize 32 ==> pred}; f_cpa_keygen_seed_post: v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> seed: t_Slice u8 -> - res: t_Array u8 (sz 64) + res: t_Array u8 (mk_usize 64) -> pred: Type0 { pred ==> @@ -92,7 +92,7 @@ class t_Variant (v_Self: Type0) = { #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) (f_cpa_keygen_seed_pre v_K #v_Hasher #i3 x0) (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i3 x0 result) } 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index a80c67948..d6df28486 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -97,23 +97,24 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let _:Prims.unit = assert (forall i. get_lane t0 i == - (cast (((cast (get_lane vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) + (cast (((cast (get_lane vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! + (mk_i32 16)) <: i16)) in let t512:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 (mk_i16 512) in - let _:Prims.unit = assert (forall i. get_lane t512 i == 512s) in + let _:Prims.unit = assert (forall i. get_lane t512 i == (mk_i16 512)) in let t1:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t0 t512 in - let _:Prims.unit = assert (forall i. get_lane t1 i == get_lane t0 i +. 512s) in + let _:Prims.unit = assert (forall i. get_lane t1 i == get_lane t0 i +. (mk_i16 512)) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t1 + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 (mk_i32 10) t1 in let _:Prims.unit = - assert (forall i. get_lane quotient i == (((get_lane t1 i) <: i16) >>! (10l <: i32))) + assert (forall i. get_lane quotient i == (((get_lane t1 i) <: i16) >>! ((mk_i32 10) <: i32))) in let quotient_times_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 quotient 
@@ -148,24 +149,25 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let _:Prims.unit = assert (forall i. get_lane field_modulus i == 3329s) in + let _:Prims.unit = assert (forall i. get_lane field_modulus i == (mk_i16 3329)) in let vv_minus_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector field_modulus in let _:Prims.unit = - assert (forall i. get_lane vv_minus_field_modulus i == get_lane vector i -. 3329s) + assert (forall i. get_lane vv_minus_field_modulus i == get_lane vector i -. (mk_i16 3329)) in let sign_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 (mk_i32 15) vv_minus_field_modulus in let _:Prims.unit = - assert (forall i. get_lane sign_mask i == (get_lane vv_minus_field_modulus i >>! 15l)) + assert (forall i. get_lane sign_mask i == (get_lane vv_minus_field_modulus i >>! (mk_i32 15))) in let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 sign_mask field_modulus in let _:Prims.unit = - assert (forall i. get_lane conditional_add_field_modulus i == (get_lane sign_mask i &. 3329s)) + assert (forall i. + get_lane conditional_add_field_modulus i == (get_lane sign_mask i &. (mk_i16 3329))) in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus 
@@ -178,7 +180,9 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = assert (forall i. get_lane result i == Spec.Utils.cond_sub (get_lane vector i)); assert (forall i. get_lane result i == - (if (get_lane vector i) >=. 3329s then get_lane vector i -! 3329s else get_lane vector i)) + (if (get_lane vector i) >=. (mk_i16 3329) + then get_lane vector i -! (mk_i16 3329) + else get_lane vector i)) in result @@ -208,22 +212,26 @@ let montgomery_multiply_by_constant <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let _:Prims.unit = assert (forall i. get_lane k i == get_lane value_low i *. (neg 3327s)) in + let _:Prims.unit = + assert (forall i. get_lane k i == get_lane value_low i *. (neg (mk_i16 3327))) + in let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let _:Prims.unit = assert (forall i. get_lane modulus i == 3329s) in + let _:Prims.unit = assert (forall i. get_lane modulus i == (mk_i16 3329)) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k modulus in let _:Prims.unit = assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k_times_modulus == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> + cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 modulus)); assert (forall i. get_lane k_times_modulus i == - (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! 16l) + (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! + (mk_i32 16)) <: i16)) in 
@@ -234,7 +242,7 @@ let montgomery_multiply_by_constant assert (forall i. get_lane value_high i == (cast (((cast (get_lane vector i) <: i32) *. (cast (get_lane vec_constant i) <: i32)) >>! - 16l) + (mk_i32 16)) <: i16)) in @@ -243,9 +251,9 @@ let montgomery_multiply_by_constant in let _:Prims.unit = Spec.Utils.lemma_range_at_percent 3329 (pow2 32); - assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); - assert (v (cast 3329s <: i32) == 3329); - assert ((cast 3329s <: i32) == 3329l); + assert (v (cast (mk_i16 3329) <: i32) == (3329 @% pow2 32)); + assert (v (cast (mk_i16 3329) <: i32) == 3329); + assert ((cast (mk_i16 3329) <: i32) == (mk_i32 3329)); assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); assert (forall i. get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vector i) constant); assert (forall i. Spec.Utils.is_i16b 3328 (get_lane result i)); 
@@ -277,22 +285,26 @@ let montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_ext <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let _:Prims.unit = assert (forall i. get_lane k i == get_lane value_low i *. (neg 3327s)) in + let _:Prims.unit = + assert (forall i. get_lane k i == get_lane value_low i *. (neg (mk_i16 3327))) + in let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let _:Prims.unit = assert (forall i. get_lane modulus i == 3329s) in + let _:Prims.unit = assert (forall i. get_lane modulus i == (mk_i16 3329)) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k modulus in let _:Prims.unit = assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k_times_modulus == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> + cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 modulus)); assert (forall i. get_lane k_times_modulus i == - (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! 16l) + (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! + (mk_i32 16)) <: i16)) in @@ -302,7 +314,8 @@ let montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_ext let _:Prims.unit = assert (forall i. get_lane value_high i == - (cast (((cast (get_lane vec i) <: i32) *. (cast (get_lane constants i) <: i32)) >>! 16l) + (cast (((cast (get_lane vec i) <: i32) *. (cast (get_lane constants i) <: i32)) >>! + (mk_i32 16)) <: i16)) in 
@@ -311,9 +324,9 @@ let montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_ext in let _:Prims.unit = Spec.Utils.lemma_range_at_percent 3329 (pow2 32); - assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); - assert (v (cast 3329s <: i32) == 3329); - assert ((cast 3329s <: i32) == 3329l); + assert (v (cast (mk_i16 3329) <: i32) == (3329 @% pow2 32)); + assert (v (cast (mk_i16 3329) <: i32) == 3329); + assert ((cast (mk_i16 3329) <: i32) == (mk_i32 3329)); assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); assert (forall i. get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vec i) (get_lane constants i)); 
@@ -347,22 +360,26 @@ let montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Av <: Libcrux_intrinsics.Avx2_extract.t_Vec128) in - let _:Prims.unit = assert (forall i. get_lane128 k i == get_lane128 value_low i *. (neg 3327s)) in + let _:Prims.unit = + assert (forall i. get_lane128 k i == get_lane128 value_low i *. (neg (mk_i16 3327))) + in let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let _:Prims.unit = assert (forall i. get_lane128 modulus i == 3329s) in + let _:Prims.unit = assert (forall i. get_lane128 modulus i == (mk_i16 3329)) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 k modulus in let _:Prims.unit = assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 k_times_modulus == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> + cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 k) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 modulus)); assert (forall i. get_lane128 k_times_modulus i == - (cast (((cast (get_lane128 k i) <: i32) *. (cast (get_lane128 modulus i) <: i32)) >>! 16l) + (cast (((cast (get_lane128 k i) <: i32) *. (cast (get_lane128 modulus i) <: i32)) >>! + (mk_i32 16)) <: i16)) in @@ -373,7 +390,7 @@ let montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Av assert (forall i. get_lane128 value_high i == (cast (((cast (get_lane128 vec i) <: i32) *. (cast (get_lane128 constants i) <: i32)) >>! - 16l) + (mk_i32 16)) <: i16)) in 
@@ -382,9 +399,9 @@ let montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Av in let _:Prims.unit = Spec.Utils.lemma_range_at_percent 3329 (pow2 32); - assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); - assert (v (cast 3329s <: i32) == 3329); - assert ((cast 3329s <: i32) == 3329l); + assert (v (cast (mk_i16 3329) <: i32) == (3329 @% pow2 32)); + assert (v (cast (mk_i16 3329) <: i32) == 3329); + assert ((cast (mk_i16 3329) <: i32) == (mk_i32 3329)); assert (forall i. get_lane128 result i == (get_lane128 value_high i) -. (get_lane128 k_times_modulus i)); assert (forall i. @@ -423,16 +440,16 @@ let montgomery_reduce_i32s (vec: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l vec + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 (mk_i32 16) vec in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l result + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 (mk_i32 16) result in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 16l result + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (mk_i32 16) result in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 6cfb8659a..c90470a1e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti 
@@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Avx2.Arithmetic open Core open FStar.Mul -let v_BARRETT_MULTIPLIER: i16 = 20159s +let v_BARRETT_MULTIPLIER: i16 = mk_i16 20159 open Libcrux_intrinsics.Avx2_extract @@ -38,11 +38,11 @@ val multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (con val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + (v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) @@ -80,8 +80,9 @@ val cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) forall i. i < 16 ==> get_lane result i == - (if (get_lane vector i) >=. 3329s then get_lane vector i -! 3329s else get_lane vector i - )) + (if (get_lane vector i) >=. (mk_i16 3329) + then get_lane vector i -! (mk_i16 3329) + else get_lane vector i)) val montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst index 849da1049..77d669930 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst 
@@ -9,11 +9,11 @@ let mulhi_mm256_epi32 (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epu32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 - 245l + (mk_i32 245) lhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs + (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) rhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -36,18 +36,19 @@ let compress_ciphertext_coefficient i16) <: i32) -! - 1l + mk_i32 1 <: i32) /! - 2l + mk_i32 2 <: i32) in let compression_factor:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 10321340l + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 10321340) in let coefficient_bits_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((1l <= 0 /\ v v_COEFFICIENT_BITS < bits i32_inttype /\ - range (v (1l < Prims.l_True) val compress_message_coefficient (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst index 6d1f1794f..a64aff299 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst 
@@ -10,15 +10,16 @@ let inv_ntt_layer_1_step (zeta0 zeta1 zeta2 zeta3: i16) = let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l vector + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 160l vector + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 160) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 rhs - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s (-1s) - (-1s) 1s 1s (-1s) (-1s) 1s 1s + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (mk_i16 (-1)) (mk_i16 (-1)) (mk_i16 1) + (mk_i16 1) (mk_i16 (-1)) (mk_i16 (-1)) (mk_i16 1) (mk_i16 1) (mk_i16 (-1)) (mk_i16 (-1)) + (mk_i16 1) (mk_i16 1) (mk_i16 (-1)) (mk_i16 (-1)) (mk_i16 1) (mk_i16 1) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -27,29 +28,30 @@ let inv_ntt_layer_1_step in let sum_times_zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 0s 0s zeta1 - zeta1 0s 0s zeta0 zeta0 0s 0s + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 zeta3 zeta3 (mk_i16 0) (mk_i16 0) zeta2 zeta2 + (mk_i16 0) (mk_i16 0) zeta1 zeta1 (mk_i16 0) (mk_i16 0) zeta0 zeta0 (mk_i16 0) (mk_i16 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let sum:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce sum in - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 204l sum sum_times_zetas + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 (mk_i32 204) sum sum_times_zetas #pop-options let inv_ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) = let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 245l vector + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 (mk_i32 245) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 160l vector + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 (mk_i32 160) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 rhs - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s (-1s) - (-1s) (-1s) (-1s) 1s 1s 1s 1s + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (mk_i16 (-1)) (mk_i16 (-1)) (mk_i16 (-1)) + (mk_i16 (-1)) (mk_i16 1) (mk_i16 1) (mk_i16 1) (mk_i16 1) (mk_i16 (-1)) (mk_i16 (-1)) + (mk_i16 (-1)) (mk_i16 (-1)) (mk_i16 1) (mk_i16 1) (mk_i16 1) (mk_i16 1) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -58,16 +60,16 @@ let inv_ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zet in let sum_times_zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 0s 0s 0s zeta0 - zeta0 zeta0 zeta0 0s 0s 0s 0s + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 (mk_i16 0) (mk_i16 0) + (mk_i16 0) (mk_i16 0) zeta0 zeta0 zeta0 zeta0 (mk_i16 0) (mk_i16 0) (mk_i16 0) (mk_i16 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 240l sum sum_times_zetas + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 (mk_i32 240) sum sum_times_zetas let inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) = let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l vector + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 vector @@ -87,7 +89,7 @@ let inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zet let combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_castsi128_si256 lower_coefficients in - Libcrux_intrinsics.Avx2_extract.mm256_inserti128_si256 1l combined upper_coefficients + Libcrux_intrinsics.Avx2_extract.mm256_inserti128_si256 (mk_i32 1) combined upper_coefficients let ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
@@ -101,13 +103,13 @@ let ntt_layer_1_step (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l vector + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 160l vector + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 160) vector in Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs @@ -121,19 +123,19 @@ let ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 z zeta0 in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 238l vector + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 238) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 68l vector + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 68) vector in Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs let ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) = let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l vector + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) vector in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs 
@@ -153,20 +155,23 @@ let ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i let combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_castsi128_si256 lower_coefficients in - Libcrux_intrinsics.Avx2_extract.mm256_inserti128_si256 1l combined upper_coefficients + Libcrux_intrinsics.Avx2_extract.mm256_inserti128_si256 (mk_i32 1) combined upper_coefficients #push-options "--admit_smt_queries true" let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) = let shuffle_with:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y - 1y 0y 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y + Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 15) (mk_i8 14) (mk_i8 11) (mk_i8 10) + (mk_i8 7) (mk_i8 6) (mk_i8 3) (mk_i8 2) (mk_i8 13) (mk_i8 12) (mk_i8 9) (mk_i8 8) (mk_i8 5) + (mk_i8 4) (mk_i8 1) (mk_i8 0) (mk_i8 15) (mk_i8 14) (mk_i8 11) (mk_i8 10) (mk_i8 7) (mk_i8 6) + (mk_i8 3) (mk_i8 2) (mk_i8 13) (mk_i8 12) (mk_i8 9) (mk_i8 8) (mk_i8 5) (mk_i8 4) (mk_i8 1) + (mk_i8 0) in let lhs_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 lhs shuffle_with in let lhs_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 216l lhs_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 (mk_i32 216) lhs_shuffled in let lhs_evens:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 lhs_shuffled 
@@ -175,7 +180,7 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 lhs_evens in let lhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l lhs_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) lhs_shuffled in let lhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 lhs_odds @@ -184,7 +189,7 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 rhs shuffle_with in let rhs_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 216l rhs_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 (mk_i32 216) rhs_shuffled in let rhs_evens:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 rhs_shuffled @@ -193,7 +198,7 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 rhs_evens in let rhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l rhs_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) rhs_shuffled in let rhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 rhs_odds 
@@ -232,8 +237,11 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta in let rhs_adjacent_swapped:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 rhs - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y - 0y 3y 2y 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 13) (mk_i8 12) (mk_i8 15) (mk_i8 14) + (mk_i8 9) (mk_i8 8) (mk_i8 11) (mk_i8 10) (mk_i8 5) (mk_i8 4) (mk_i8 7) (mk_i8 6) + (mk_i8 1) (mk_i8 0) (mk_i8 3) (mk_i8 2) (mk_i8 13) (mk_i8 12) (mk_i8 15) (mk_i8 14) + (mk_i8 9) (mk_i8 8) (mk_i8 11) (mk_i8 10) (mk_i8 5) (mk_i8 4) (mk_i8 7) (mk_i8 6) + (mk_i8 1) (mk_i8 0) (mk_i8 3) (mk_i8 2) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -244,8 +252,8 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s products_right in let products_right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l products_right + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 (mk_i32 16) products_right in - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 170l products_left products_right + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 (mk_i32 170) products_left products_right #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti index e2cfc07ca..280796df5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti 
@@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Avx2.Ntt open Core open FStar.Mul -let ntt_multiply__PERMUTE_WITH: i32 = 216l +let ntt_multiply__PERMUTE_WITH: i32 = mk_i32 216 val inv_ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index b41e18824..ebc4d32d3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -15,7 +15,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = let compare_with_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi16 field_modulus potential_coefficients in - let good:t_Array u8 (sz 2) = + let good:t_Array u8 (mk_usize 2) = Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ compare_with_field_modulus in let _:Prims.unit = @@ -31,8 +31,9 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) +! sz 8 })) in - let lower_shuffles:t_Array u8 (sz 16) = - Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] + let lower_shuffles:t_Array u8 (mk_usize 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ mk_usize + 0 ] <: u8) <: 
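Review bot: The literal migration in rejection_sample (Vector.Avx2.Sampling.fst) is incomplete: `good` is now declared as `t_Array u8 (mk_usize 2)` in the `-15,7` hunk, but the unchanged assertion at the top of the following `-31,8` hunk still reads `good.[ sz 0 ]` and `+! sz 8`, so the same function mixes `sz` and `mk_usize` for plain literals. If the aim of this series is to retire `sz`, those should become `good.[ mk_usize 0 ]` and `+! mk_usize 8`, and the `(sz i)` / `(sz (i + 8))` pair in the deserialize_1_ assertion of Vector.Avx2.Serialize.fst deserves the same treatment; since these are extraction outputs, the fix presumably belongs in the annotations they are generated from rather than in the .fst by hand. The enclosing function starts before and continues after both hunks.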
@@ -51,10 +52,11 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_si128 output lower_coefficients in let sampled_count:usize = - cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize + cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 0 ] <: u8) <: u32) <: usize in - let upper_shuffles:t_Array u8 (sz 16) = - Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] + let upper_shuffles:t_Array u8 (mk_usize 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ mk_usize + 1 ] <: u8) <: @@ -64,7 +66,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) potential_coefficients in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles @@ -73,13 +75,13 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize ] 
@@ -90,7 +92,8 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = t_Slice i16) in let hax_temp_output:usize = - sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) + sampled_count +! + (cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 1 ] <: u8) <: u32) <: usize) in output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti index 767350ac5..6f9cc3437 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti @@ -6,8 +6,8 @@ open FStar.Mul val rejection_sample (input: t_Slice u8) (output: t_Slice i16) : Prims.Pure (t_Slice i16 & usize) (requires - (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 output <: usize) =. sz 16) + (Core.Slice.impl__len #u8 input <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 output <: usize) =. mk_usize 16) (ensures fun temp_0_ -> let output_future, res:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 87cf7addd..69f37a0f0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst 
@@ -20,14 +20,18 @@ let deserialize_1___deserialize_1_i16s (a b: i16) = in let coefficients_in_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s <>! 8l <: i32) <: u8] in + let result:t_Array u8 (mk_usize 2) = + let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! mk_i32 8 <: i32) <: u8] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list 2 list in let _:Prims.unit = assert (forall (i: nat{i < 8}). - get_bit (bits_packed >>! 8l <: i32) (sz i) == get_bit bits_packed (sz (i + 8))) + get_bit (bits_packed >>! (mk_i32 8) <: i32) (sz i) == get_bit bits_packed (sz (i + 8))) in result 
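Review bot: The rewritten assertion in deserialize_1___deserialize_1_i16s still indexes bits with `sz i` and `sz (i + 8)` on the same line that now uses `mk_i32 8`, so the hunk leaves the two literal styles mixed inside one proof obligation. If `sz` is being retired in favour of `mk_usize` (as the rest of this commit suggests), and `mk_usize` accepts the same `nat` argument that `sz` does, the line would read `get_bit (bits_packed >>! (mk_i32 8) <: i32) (mk_usize i) == get_bit bits_packed (mk_usize (i + 8))`; the unchanged `sz (Seq.length bytes) =. sz 8` post-conditions in Libcrux_ml_kem.Vector.Avx2.fst and Libcrux_ml_kem.Vector.Avx2.fsti would need the same treatment. Because these files are hax extractions, the edit presumably belongs in the source annotations that hax extracts rather than in the generated output. The body of deserialize_1___deserialize_1_i16s begins before this hunk.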
@@ -132,22 +142,31 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - mm256_concat_pairs_n 10uy vector + mm256_concat_pairs_n (mk_u8 10) vector in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 12) adjacent_4_combined in let adjacent_8_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y - 10y 9y 8y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y 10y 9y 8y 4y 3y 2y 1y - 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 8) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) (mk_i8 11) (mk_i8 10) + (mk_i8 9) (mk_i8 8) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -155,7 +174,7 @@ let serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_V Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_8_combined in let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_8_combined in let _:Prims.unit = introduce forall (i: nat{i < 80}) . lower_8_ i = vector ((i / 10) * 16 + i % 10) 
@@ -175,21 +194,31 @@ let serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_V let serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - mm256_concat_pairs_n 12uy vector + mm256_concat_pairs_n (mk_u8 12) vector in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 8l 0l 8l 0l 8l 0l 8l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 8) + (mk_i32 0) + (mk_i32 8) + (mk_i32 0) + (mk_i32 8) + (mk_i32 0) + (mk_i32 8) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 8l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 8) adjacent_4_combined in let adjacent_8_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) 13y 12y 11y 10y 9y 8y - 5y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) 13y 12y 11y 10y 9y 8y 5y 4y 3y 2y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 9) (mk_i8 8) (mk_i8 5) + (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 9) (mk_i8 8) (mk_i8 5) + (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -197,7 +226,7 @@ let serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_V Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_8_combined in let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_8_combined in let _:Prims.unit = introduce forall (i: nat{i < 96}) . lower_8_ i = vector ((i / 12) * 16 + i % 12) @@ -220,15 +249,15 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.t_Vec128) = serialize_10___serialize_10_vec vector in - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -238,14 +267,14 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } + ({ Core.Ops.Range.f_start = mk_usize 10; Core.Ops.Range.f_end = mk_usize 26 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 10; - Core.Ops.Range.f_end = sz 26 + Core.Ops.Range.f_start = mk_usize 10; + Core.Ops.Range.f_end = mk_usize 26 } <: Core.Ops.Range.t_Range usize ] 
@@ -255,37 +284,37 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - Core.Result.impl__unwrap #(t_Array u8 (sz 20)) + Core.Result.impl__unwrap #(t_Array u8 (mk_usize 20)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 20)) + #(t_Array u8 (mk_usize 20)) #FStar.Tactics.Typeclasses.solve - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 20 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 20 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: - Core.Result.t_Result (t_Array u8 (sz 20)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (mk_usize 20)) Core.Array.t_TryFromSliceError) #pop-options #push-options "--ext context_pruning --split_queries always" let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) = serialize_12___serialize_12_vec vector in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -295,14 +324,14 @@ let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 28 } + ({ Core.Ops.Range.f_start = mk_usize 12; Core.Ops.Range.f_end = mk_usize 28 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 12; - Core.Ops.Range.f_end = sz 28 + Core.Ops.Range.f_start = mk_usize 12; + Core.Ops.Range.f_end = mk_usize 28 } <: Core.Ops.Range.t_Range usize ] @@ -312,63 +341,79 @@ let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - Core.Result.impl__unwrap #(t_Array u8 (sz 24)) + Core.Result.impl__unwrap #(t_Array u8 (mk_usize 24)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 24)) + #(t_Array u8 (mk_usize 24)) #FStar.Tactics.Typeclasses.solve - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 24 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 24 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: - Core.Result.t_Result (t_Array u8 (sz 24)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (mk_usize 24)) Core.Array.t_TryFromSliceError) #pop-options let serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in 
@@ -98,7 +98,7 @@ val deserialize_4___deserialize_4_u8s (b0 b1 b2 b3 b4 b5 b6 b7: u8) val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in @@ -113,11 +113,11 @@ val deserialize_4_ (bytes: t_Slice u8) include BitVec.Intrinsics {mm256_concat_pairs_n} val serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 2)) + : Prims.Pure (t_Array u8 (mk_usize 2)) (requires forall i. i % 16 >= 1 ==> vector i == 0) (ensures fun result -> - let result:t_Array u8 (sz 2) = result in + let result:t_Array u8 (mk_usize 2) = result in forall i. bit_vec_of_int_t_array result 8 i == vector (i * 16)) val serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
@@ -147,30 +147,30 @@ val serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_V vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 20)) + : Prims.Pure (t_Array u8 (mk_usize 20)) (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) (ensures fun r -> - let r:t_Array u8 (sz 20) = r in + let r:t_Array u8 (mk_usize 20) = r in forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10)) val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 24)) + : Prims.Pure (t_Array u8 (mk_usize 24)) (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) (ensures fun r -> - let r:t_Array u8 (sz 24) = r in + let r:t_Array u8 (mk_usize 24) = r in forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) val serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 8)) + : Prims.Pure (t_Array u8 (mk_usize 8)) (requires forall (i: nat{i < 256}). i % 16 < 4 || vector i = 0) (ensures fun r -> - let r:t_Array u8 (sz 8) = r in + let r:t_Array u8 (mk_usize 8) = r in forall (i: nat{i < 64}). bit_vec_of_int_t_array r 8 i == vector ((i / 4) * 16 + i % 4)) include BitVec.Intrinsics {mm256_si256_from_two_si128 as mm256_si256_from_two_si128} 
@@ -242,4 +242,4 @@ val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index f63bcef62..ca6aac293 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -192,11 +192,11 @@ let serialize_4_ (vector: t_SIMD256Vector) = #pop-options let vec_to_i16_array (v: t_SIMD256Vector) = - let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in - let output:t_Array i16 (sz 16) = + let output:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 16) in + let output:t_Array i16 (mk_usize 16) = Libcrux_intrinsics.Avx2_extract.mm256_storeu_si256_i16 output v.f_elements in - let result:t_Array i16 (sz 16) = output in + let result:t_Array i16 (mk_usize 16) = output in let _:Prims.unit = admit () (* Panic freedom *) in result @@ -206,7 +206,7 @@ let impl: Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector = _super_13011033735201511749 = FStar.Tactics.Typeclasses.solve; _super_9529721400157967266 = FStar.Tactics.Typeclasses.solve; f_repr_pre = (fun (x: t_SIMD256Vector) -> true); - f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); + f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (mk_usize 16)) -> true); f_repr = fun (x: t_SIMD256Vector) -> vec_to_i16_array x } 
@@ -233,11 +233,11 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s); + (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 (mk_i16 0)); f_ZERO = (fun (_: Prims.unit) -> vec_zero ()); f_from_i16_array_pre = - (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16); f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array); @@ -245,7 +245,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true); f_to_i16_array_post = - (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); + (fun (x: t_SIMD256Vector) (out: t_Array i16 (mk_usize 16)) -> out == impl.f_repr x); f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x); f_add_pre = @@ -321,11 +321,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_shift_right_pre = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> + v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16); f_shift_right_post = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> - (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + (v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr vector)); f_shift_right = 
@@ -344,7 +345,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> impl.f_repr out == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr vector)); + Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) + (impl.f_repr vector)); f_cond_subtract_3329_ = (fun (vector: t_SIMD256Vector) -> cond_subtract_3329_ vector); f_barrett_reduce_pre = @@ -556,13 +558,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector)); f_serialize_1_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 2)) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out); f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> serialize_1_ vector); f_deserialize_1_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 2); f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> 
@@ -573,27 +575,27 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector)); f_serialize_4_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 8)) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out); f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> serialize_4_ vector); f_deserialize_4_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8); f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out)); f_deserialize_4_ = (fun (bytes: t_Slice u8) -> deserialize_4_ bytes); f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true); + f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 10)) -> true); f_serialize_5_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); f_deserialize_5_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10); f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_5_ = 
@@ -607,27 +609,27 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector)); f_serialize_10_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 20)) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out); f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> serialize_10_ vector); f_deserialize_10_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20); f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out)); f_deserialize_10_ = (fun (bytes: t_Slice u8) -> deserialize_10_ bytes); f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true); + f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 22)) -> true); f_serialize_11_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); f_deserialize_11_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 22); f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_11_ = 
@@ -640,13 +642,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector)); f_serialize_12_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 24)) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out); f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> serialize_12_ vector); f_deserialize_12_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24); f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> @@ -655,8 +657,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> - (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 output <: usize) =. sz 16); + (Core.Slice.impl__len #u8 input <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 output <: usize) =. mk_usize 16); f_rej_sample_post = (fun (input: t_Slice u8) (output: t_Slice i16) (output_future, result: (t_Slice i16 & usize)) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 3ba81f3eb..a77731555 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -17,7 +17,7 @@ let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_ext val deserialize_1_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 2) (ensures fun out -> let out:t_SIMD256Vector = out in 
@@ -25,18 +25,18 @@ val deserialize_1_ (bytes: t_Slice u8) val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) (ensures fun out -> let out:t_SIMD256Vector = out in sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (repr out)) val serialize_1_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 2)) + : Prims.Pure (t_Array u8 (mk_usize 2)) (requires Spec.MLKEM.serialize_pre 1 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 2) = out in + let out:t_Array u8 (mk_usize 2) = out in Spec.MLKEM.serialize_pre 1 (repr vector) ==> Spec.MLKEM.serialize_post 1 (repr vector) out ) @@ -54,7 +54,7 @@ val vec_zero: Prims.unit (ensures fun result -> let result:t_SIMD256Vector = result in - repr result == Seq.create 16 0s) + repr result == Seq.create 16 (mk_i16 0)) val compress (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) : Prims.Pure t_SIMD256Vector @@ -87,7 +87,8 @@ val cond_subtract_3329_ (vector: t_SIMD256Vector) fun out -> let out:t_SIMD256Vector = out in repr out == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (repr vector)) + Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) + (repr vector)) val inv_ntt_layer_1_step (vector: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure t_SIMD256Vector 
@@ -166,38 +167,38 @@ val impl_1:Core.Clone.t_Clone t_SIMD256Vector val impl_2:Core.Marker.t_Copy t_SIMD256Vector val serialize_10_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 20)) + : Prims.Pure (t_Array u8 (mk_usize 20)) (requires Spec.MLKEM.serialize_pre 10 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 20) = out in + let out:t_Array u8 (mk_usize 20) = out in Spec.MLKEM.serialize_pre 10 (repr vector) ==> Spec.MLKEM.serialize_post 10 (repr vector) out) val serialize_12_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 24)) + : Prims.Pure (t_Array u8 (mk_usize 24)) (requires Spec.MLKEM.serialize_pre 12 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 24) = out in + let out:t_Array u8 (mk_usize 24) = out in Spec.MLKEM.serialize_pre 12 (repr vector) ==> Spec.MLKEM.serialize_post 12 (repr vector) out) val serialize_4_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 8)) + : Prims.Pure (t_Array u8 (mk_usize 8)) (requires Spec.MLKEM.serialize_pre 4 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 8) = out in + let out:t_Array u8 (mk_usize 8) = out in Spec.MLKEM.serialize_pre 4 (repr vector) ==> Spec.MLKEM.serialize_post 4 (repr vector) out ) val vec_to_i16_array (v: t_SIMD256Vector) - : Prims.Pure (t_Array i16 (sz 16)) + : Prims.Pure (t_Array i16 (mk_usize 16)) Prims.l_True (ensures fun result -> - let result:t_Array i16 (sz 16) = result in + let result:t_Array i16 (mk_usize 16) = result in result == repr v) [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -205,7 +206,7 @@ val impl:Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20) (ensures fun out -> let out:t_SIMD256Vector = out in 
@@ -213,7 +214,7 @@ val deserialize_10_ (bytes: t_Slice u8) val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24) (ensures fun out -> let out:t_SIMD256Vector = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst index 1139236f7..135ad96a3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst @@ -55,7 +55,7 @@ let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD1 v let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 3329s in + let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 3329) in let m0:u8 = Libcrux_intrinsics.Arm64_extract.v__vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c in @@ -172,10 +172,10 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs let barrett_reduce_int16x8_t (v: u8) = - let adder:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 1024s in + let adder:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 1024) in let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v v_BARRETT_MULTIPLIER in let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 vec adder in - let quotient:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 11l vec in + let quotient:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 11) vec in let sub:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 quotient Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS 
@@ -214,7 +214,7 @@ let montgomery_reduce_int16x8_t (low high: u8) = u8) in let c:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 1l + Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 k Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: @@ -225,7 +225,7 @@ let montgomery_reduce_int16x8_t (low high: u8) = let montgomery_multiply_by_constant_int16x8_t (v: u8) (c: i16) = let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 1l + Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v c <: u8) in montgomery_reduce_int16x8_t vv_low vv_high @@ -259,7 +259,7 @@ let montgomery_multiply_by_constant let montgomery_multiply_int16x8_t (v c: u8) = let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 1l + Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_s16 v c <: u8) in montgomery_reduce_int16x8_t vv_low vv_high diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti index 91b5164fe..92570af62 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Neon.Arithmetic open Core open FStar.Mul -let v_BARRETT_MULTIPLIER: i16 = 20159s +let v_BARRETT_MULTIPLIER: i16 = mk_i16 20159 val add (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst index 797444743..d5d3a271a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst @@ -4,25 +4,25 @@ open Core open FStar.Mul let compress_int32x4_t (v_COEFFICIENT_BITS: i32) (v: u8) = - let half:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_u32 1664ul in + let half:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_u32 (mk_u32 1664) in let compressed:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_n_u32 v_COEFFICIENT_BITS v in let compressed:u8 = Libcrux_intrinsics.Arm64_extract.v__vaddq_u32 compressed half in let compressed:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u32_s32 (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_u32 compressed <: u8) - 10321340l + (mk_i32 10321340) <: u8) in - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u32 4l compressed + Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u32 (mk_i32 4) compressed let mask_n_least_significant_bits (coefficient_bits: i16) = match coefficient_bits <: i16 with - | 4s -> 15s - | 5s -> 31s - | 10s -> 1023s - | 11s -> 2047s - | x -> (1s < mk_i16 15 + | Rust_primitives.Integers.MkInt 5 -> mk_i16 31 + | Rust_primitives.Integers.MkInt 10 -> mk_i16 1023 + | Rust_primitives.Integers.MkInt 11 -> mk_i16 2047 + | x -> (mk_i16 1 < Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True) val serialize_12_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 24)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_1_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector 
@@ -27,10 +27,10 @@ val deserialize_12_ (v: t_Slice u8) (fun _ -> Prims.l_True) val serialize_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True) val serialize_4_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_10_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -53,7 +53,7 @@ val deserialize_5_ (v: t_Slice u8) (fun _ -> Prims.l_True) val serialize_11_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) val serialize_5_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst index 761d0a4b3..088d70f40 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst @@ -8,8 +8,8 @@ let repr (x:t_SIMD128Vector) = admit() let v_ZERO (_: Prims.unit) = let result:t_SIMD128Vector = { - f_low = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s; - f_high = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s + f_low = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 0); + f_high = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 0) } <: t_SIMD128Vector 
@@ -23,8 +23,8 @@ let from_i16_array (array: t_Slice i16) = f_low = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] @@ -33,8 +33,8 @@ let from_i16_array (array: t_Slice i16) = f_high = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -60,15 +60,15 @@ val impl_1': Core.Marker.t_Copy t_SIMD128Vector let impl_1 = impl_1' let to_i16_array (v: t_SIMD128Vector) = - let out:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in - let out:t_Array i16 (sz 16) = + let out:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 16) in + let out:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Arm64_extract.v__vst1q_s16 (out.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] 
@@ -78,14 +78,14 @@ let to_i16_array (v: t_SIMD128Vector) = <: t_Slice i16) in - let out:t_Array i16 (sz 16) = + let out:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 8; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Arm64_extract.v__vst1q_s16 (out.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -95,6 +95,6 @@ let to_i16_array (v: t_SIMD128Vector) = <: t_Slice i16) in - let result:t_Array i16 (sz 16) = out in + let result:t_Array i16 (mk_usize 16) = out in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti index ce6c9b299..45aa72cf2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti @@ -16,7 +16,7 @@ val v_ZERO: Prims.unit (ensures fun result -> let result:t_SIMD128Vector = result in - repr result == Seq.create 16 0s) + repr result == Seq.create 16 (mk_i16 0)) val from_i16_array (array: t_Slice i16) : Prims.Pure t_SIMD128Vector @@ -33,9 +33,9 @@ val impl:Core.Clone.t_Clone t_SIMD128Vector val impl_1:Core.Marker.t_Copy t_SIMD128Vector val to_i16_array (v: t_SIMD128Vector) - : Prims.Pure (t_Array i16 (sz 16)) + : Prims.Pure (t_Array i16 (mk_usize 16)) Prims.l_True (ensures fun result -> - let result:t_Array i16 (sz 16) = result in + let result:t_Array i16 (mk_usize 16) = result in result == repr v) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
index 0c4739a48..2f3a6ebf6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst
@@ -11,38 +11,38 @@ let _ = () let rej_sample (a: t_Slice u8) (result: t_Slice i16) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let result, sampled:(t_Slice i16 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks #u8 a (sz 3) <: Core.Slice.Iter.t_Chunks u8) + (Core.Slice.impl__chunks #u8 a (mk_usize 3) <: Core.Slice.Iter.t_Chunks u8) <: Core.Slice.Iter.t_Chunks u8) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ bytes -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in let bytes:t_Slice u8 = bytes in - let b1:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in - let b2:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in - let b3:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in - let d1:i16 = ((b2 &. 15s <: i16) <>! 4l <: i16) in + let b1:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in + let b2:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in + let b3:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in + let d1:i16 = ((b2 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) in let result, sampled:(t_Slice i16 & usize) = - if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d1 in - result, sampled +! sz 1 <: (t_Slice i16 & usize) + result, sampled +! mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize) in - if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d2 in - result, sampled +! sz 1 <: (t_Slice i16 & usize) + result, sampled +! 
mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize)) in let hax_temp_output:usize = sampled in @@ -56,7 +56,10 @@ let impl: Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Neon.Vector_ f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_repr_post = - (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> + (fun + (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array i16 (mk_usize 16)) + -> true); f_repr = @@ -75,11 +78,11 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_ZERO_post = (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> - impl.f_repr out == Seq.create 16 0s); + impl.f_repr out == Seq.create 16 (mk_i16 0)); f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Neon.Vector_type.v_ZERO ()); f_from_i16_array_pre = - (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16); f_from_i16_array_post = (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> @@ -90,7 +93,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_to_i16_array_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_to_i16_array_post = - (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> + (fun + (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array i16 (mk_usize 16)) + -> out == impl.f_repr x); f_to_i16_array = 
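Review bot: Each `Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d1` (and the `d2` twin) is guarded only by `sampled <. mk_usize 16`, so the write is in bounds only when `result` holds at least 16 elements; that fact has to come from the `requires` of `rej_sample` in the matching .fsti, which is not part of this hunk, so it is worth confirming the spec pins the length of `result` rather than the obligation being discharged by a lax or admitted proof. A short comment above the fold, such as `(* at most 16 coefficients are written; the caller's precondition on result's length keeps sampled in bounds *)`, would keep that dependency visible next to the index. The data-dependent branches on `d1`/`d2` against `v_FIELD_MODULUS` are what rejection sampling does on public input and are not a secret-dependent path. rej_sample begins on the hunk's first line but its body continues past the hunk.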
@@ -433,7 +439,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_1_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 2)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 2)) + -> true); f_serialize_1_ = @@ -449,7 +458,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_4_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 8)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 8)) + -> true); f_serialize_4_ = @@ -465,7 +477,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_5_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 10)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 10)) + -> true); f_serialize_5_ = @@ -481,7 +496,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_10_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 20)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 20)) + -> true); f_serialize_10_ = 
@@ -497,7 +515,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_11_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 22)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 22)) + -> true); f_serialize_11_ = @@ -513,7 +534,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_12_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 24)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 24)) + -> true); f_serialize_12_ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 46f0a37be..a42c57e0e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -6,13 +6,13 @@ open FStar.Mul #push-options "--z3rlimit 150 --split_queries always" let get_n_least_significant_bits (n: u8) (value: u32) = - let res:u32 = value &. ((1ul <>! 1l <: i32) + (Libcrux_ml_kem.Vector.Traits.v_BARRETT_R >>! mk_i32 1 <: i32) in let _:Prims.unit = assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2 * 3329)); 
@@ -175,7 +175,7 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -221,7 +221,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -276,7 +276,7 @@ let bitwise_and_with_constant = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in 
@@ -315,7 +315,7 @@ let bitwise_and_with_constant let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -324,14 +324,14 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta j < v i ==> Seq.index vec.f_elements j == (let x = Seq.index v__vec0.f_elements j in - if x >=. 3329s then x -! 3329s else x)) /\ + if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x)) /\ (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in if - (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. mk_i16 3329 <: bool then @@ -342,11 +342,12 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! + mk_i16 3329 <: i16) <: - t_Array i16 (sz 16) + t_Array i16 (mk_usize 16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector 
@@ -354,7 +355,8 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta in let _:Prims.unit = Seq.lemma_eq_intro vec.f_elements - (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) v__vec0.f_elements) + (Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) + v__vec0.f_elements) in vec @@ -368,7 +370,7 @@ let montgomery_multiply_by_constant = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -398,7 +400,7 @@ let montgomery_multiply_by_constant <: i16) <: - t_Array i16 (sz 16) + t_Array i16 (mk_usize 16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -410,7 +412,7 @@ let montgomery_multiply_by_constant let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in 
@@ -447,7 +449,7 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -487,7 +489,7 @@ let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index e072f08d9..13015eee3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -4,15 +4,15 @@ open Core open FStar.Mul /// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋ -let v_BARRETT_MULTIPLIER: i32 = 20159l +let v_BARRETT_MULTIPLIER: i32 = mk_i32 20159 -let v_MONTGOMERY_SHIFT: u8 = 16uy +let v_MONTGOMERY_SHIFT: u8 = mk_u8 16 -let v_MONTGOMERY_R: i32 = 1l < let result:u32 = result in 
@@ -110,7 +110,8 @@ val cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in result.f_elements == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (vec.f_elements)) + Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) + (vec.f_elements)) val montgomery_multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -139,11 +140,11 @@ val multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port val shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + (v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> result.f_elements == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec.f_elements)) val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index 8ccf885b5..ffafd735c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst 
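Review bot: The rewritten `ensures` of `shift_right` restates the `requires` as the antecedent `(v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==>`, which is redundant because a postcondition is only ever proved under its precondition; unless the antecedent is deliberately kept so the Rust-side annotation stays self-contained, the clause can be just `result.f_elements == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec.f_elements)`. The same hunk writes `mk_i32 0` in the `requires` but `(mk_i32 0)` in the `ensures`, and the cond_subtract_3329_ hunk above uses `(mk_i16 3329)` in the spec where the .fst body uses bare `mk_i16 3329`; one form throughout would make spec and implementation easier to compare. These files sit under proofs/fstar/extraction and use Rust_primitives.Hax names, so they appear to be hax-generated and the change would belong in the Rust annotations that produce them.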
@@ -7,9 +7,9 @@ open FStar.Mul let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) = let compressed:u64 = (cast (fe <: u16) <: u64) <>! 35l in + let compressed:u64 = compressed +! mk_u64 1664 in + let compressed:u64 = compressed *! mk_u64 10321340 in + let compressed:u64 = compressed >>! mk_i32 35 in cast (Libcrux_ml_kem.Vector.Portable.Arithmetic.get_n_least_significant_bits coefficient_bits (cast (compressed <: u64) <: u32) <: @@ -22,9 +22,9 @@ let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) = #push-options "--z3rlimit 200 --ext context_pruning" let compress_message_coefficient (fe: u16) = - let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in + let (shifted: i16):i16 = mk_i16 1664 -! (cast (fe <: u16) <: i16) in let _:Prims.unit = assert (v shifted == 1664 - v fe) in - let mask:i16 = shifted >>! 15l in + let mask:i16 = shifted >>! mk_i32 15 in let _:Prims.unit = assert (v mask = v shifted / pow2 15); assert (if v shifted < 0 then mask = ones else mask = zero) @@ -41,13 +41,13 @@ let compress_message_coefficient (fe: u16) = assert (v shifted >= 0 ==> v shifted_to_positive = v shifted); assert (shifted_to_positive >=. mk_i16 0) in - let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in + let shifted_positive_in_range:i16 = shifted_to_positive -! mk_i16 832 in let _:Prims.unit = assert (1664 - v fe >= 0 ==> v shifted_positive_in_range == 832 - v fe); assert (1664 - v fe < 0 ==> v shifted_positive_in_range == - 2497 + v fe) in - let r0:i16 = shifted_positive_in_range >>! 15l in - let (r1: i16):i16 = r0 &. 1s in + let r0:i16 = shifted_positive_in_range >>! mk_i32 15 in + let (r1: i16):i16 = r0 &. mk_i16 1 in let res:u8 = cast (r1 <: i16) <: u8 in let _:Prims.unit = assert (v r0 = v shifted_positive_in_range / pow2 15); 
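Review bot: The `+! mk_u64 1664`, `*! mk_u64 10321340`, `>>! mk_i32 35` sequence in `compress_ciphertext_coefficient` is a division-free rounding by the modulus whose correctness and freedom from u64 wrap-around rest on the `requires` in the .fsti (coefficient_bits in {4, 5, 10, 11} and fe below FIELD_MODULUS), yet nothing beside the arithmetic says so. With fe below 3329 and at most 11 shift bits the value entering the multiply stays under 2^23, and 10321340 is under 2^24, so the product stays well inside u64; a comment above the multiply such as `(* 10321340 / 2^35 approximates 1/3329; the precondition keeps compressed < 2^23, so the u64 product cannot wrap *)` would make the bound visible where it is relied on. Since the file appears to be hax-generated, the comment would need to live in the Rust source that produces it. compress_ciphertext_coefficient starts on the hunk's first line and continues beyond the hunk.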
@@ -81,7 +81,7 @@ let compress (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) in let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun a i -> let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in @@ -150,7 +150,7 @@ let compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) in let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun a i -> let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in @@ -219,7 +219,7 @@ let decompress_ciphertext_coefficient assert_norm (pow2 11 == 2048) in let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun a i -> let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in @@ -257,14 +257,14 @@ let decompress_ciphertext_coefficient v (decompressed <>! (v_COEFFICIENT_BITS +! mk_i32 1 <: i32)) == v decompressed / pow2 (v v_COEFFICIENT_BITS + 1)) in - let decompressed:i32 = decompressed >>! (v_COEFFICIENT_BITS +! 1l <: i32) in + let decompressed:i32 = decompressed >>! (v_COEFFICIENT_BITS +! mk_i32 1 <: i32) in let _:Prims.unit = assert (v decompressed < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS); assert (v (cast decompressed <: i16) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index 32527079f..6479d73c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -6,14 +6,15 @@ open FStar.Mul val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) : Prims.Pure i16 (requires - (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || - coefficient_bits =. 11uy) && + (coefficient_bits =. mk_u8 4 || coefficient_bits =. mk_u8 5 || coefficient_bits =. mk_u8 10 || + coefficient_bits =. mk_u8 11) && fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: u16)) (ensures fun result -> let result:i16 = result in - result >=. 0s && - result <. (Core.Num.impl__i16__pow 2s (cast (coefficient_bits <: u8) <: u32) <: i16)) + result >=. mk_i16 0 && + result <. + (Core.Num.impl__i16__pow (mk_i16 2) (cast (coefficient_bits <: u8) <: u32) <: i16)) /// The `compress_*` functions implement the `Compress` function specified in the NIST FIPS /// 203 standard (Page 18, Expression 4.5), which is defined as: @@ -36,14 +37,14 @@ val compress_message_coefficient (fe: u16) (ensures fun result -> let result:u8 = result in - Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2496us <: bool)) + Hax_lib.implies ((mk_u16 833 <=. fe <: bool) && (fe <=. mk_u16 2496 <: bool)) (fun temp_0_ -> let _:Prims.unit = temp_0_ in - result =. 1uy <: bool) && - Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2496us <: bool)) <: bool) + result =. mk_u8 1 <: bool) && + Hax_lib.implies (~.((mk_u16 833 <=. fe <: bool) && (fe <=. mk_u16 2496 <: bool)) <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in - result =. 0uy <: bool)) + result =. mk_u8 0 <: bool)) val compress (v_COEFFICIENT_BITS: i32) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index cd2dd7446..ff3f6f156 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -80,28 +80,28 @@ let inv_ntt_layer_1_step (zeta0 zeta1 zeta2 zeta3: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 0) (sz 2) + inv_ntt_step vec zeta0 (mk_usize 0) (mk_usize 2) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 1) (sz 3) + inv_ntt_step vec zeta0 (mk_usize 1) (mk_usize 3) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 4) (sz 6) + inv_ntt_step vec zeta1 (mk_usize 4) (mk_usize 6) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 5) (sz 7) + inv_ntt_step vec zeta1 (mk_usize 5) (mk_usize 7) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta2 (sz 8) (sz 10) + inv_ntt_step vec zeta2 (mk_usize 8) (mk_usize 10) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta2 (sz 9) (sz 11) + inv_ntt_step vec zeta2 (mk_usize 9) (mk_usize 11) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta3 (sz 12) (sz 14) + inv_ntt_step vec zeta3 (mk_usize 12) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta3 (sz 13) (sz 15) + inv_ntt_step vec zeta3 (mk_usize 13) (mk_usize 15) in let _:Prims.unit = assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 13)); 
@@ -133,28 +133,28 @@ let inv_ntt_layer_2_step (zeta0 zeta1: i16) =
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta0 (sz 0) (sz 4)
+ inv_ntt_step vec zeta0 (mk_usize 0) (mk_usize 4)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta0 (sz 1) (sz 5)
+ inv_ntt_step vec zeta0 (mk_usize 1) (mk_usize 5)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta0 (sz 2) (sz 6)
+ inv_ntt_step vec zeta0 (mk_usize 2) (mk_usize 6)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta0 (sz 3) (sz 7)
+ inv_ntt_step vec zeta0 (mk_usize 3) (mk_usize 7)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta1 (sz 8) (sz 12)
+ inv_ntt_step vec zeta1 (mk_usize 8) (mk_usize 12)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta1 (sz 9) (sz 13)
+ inv_ntt_step vec zeta1 (mk_usize 9) (mk_usize 13)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta1 (sz 10) (sz 14)
+ inv_ntt_step vec zeta1 (mk_usize 10) (mk_usize 14)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta1 (sz 11) (sz 15)
+ inv_ntt_step vec zeta1 (mk_usize 11) (mk_usize 15)
 in
 vec
@@ -167,28 +167,28 @@ let inv_ntt_layer_3_step (zeta: i16) =
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 0) (sz 8)
+ inv_ntt_step vec zeta (mk_usize 0) (mk_usize 8)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 1) (sz 9)
+ inv_ntt_step vec zeta (mk_usize 1) (mk_usize 9)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 2) (sz 10)
+ inv_ntt_step vec zeta (mk_usize 2) (mk_usize 10)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 3) (sz 11)
+ inv_ntt_step vec zeta (mk_usize 3) (mk_usize 11)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 4) (sz 12)
+ inv_ntt_step vec zeta (mk_usize 4) (mk_usize 12)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 5) (sz 13)
+ inv_ntt_step vec zeta (mk_usize 5) (mk_usize 13)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 6) (sz 14)
+ inv_ntt_step vec zeta (mk_usize 6) (mk_usize 14)
 in
 let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- inv_ntt_step vec zeta (sz 7) (sz 15)
+ inv_ntt_step vec zeta (mk_usize 7) (mk_usize 15)
 in
 vec
@@ -202,15 +202,23 @@ let ntt_multiply_binomials (i: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in - let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in + let ai:i16 = + a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 2 *! i <: usize ] + in + let bi:i16 = + b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 2 *! i <: usize ] + in let aj:i16 = - a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize - ] + a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (mk_usize 2 *! i <: usize) +! + mk_usize 1 + <: + usize ] in let bj:i16 = - b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize - ] + b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (mk_usize 2 *! i <: usize) +! + mk_usize 1 + <: + usize ] in let _:Prims.unit = assert (Spec.Utils.is_i16b 3328 ai); @@ -283,7 +291,9 @@ let ntt_multiply_binomials ((v ai * v bj + v aj * v bi) * 169) % 3329; } in - let v__out0:t_Array i16 (sz 16) = out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements in + let v__out0:t_Array i16 (mk_usize 16) = + out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with @@ -291,7 +301,7 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2 *! i <: usize) + (mk_usize 2 *! i <: usize) o0 } <: @@ -304,7 +314,7 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - ((sz 2 *! i <: usize) +! sz 1 <: usize) + ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) o1 } <: 
@@ -418,28 +428,28 @@ let ntt_layer_1_step (zeta0 zeta1 zeta2 zeta3: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 0) (sz 2) + ntt_step vec zeta0 (mk_usize 0) (mk_usize 2) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 1) (sz 3) + ntt_step vec zeta0 (mk_usize 1) (mk_usize 3) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 4) (sz 6) + ntt_step vec zeta1 (mk_usize 4) (mk_usize 6) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 5) (sz 7) + ntt_step vec zeta1 (mk_usize 5) (mk_usize 7) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta2 (sz 8) (sz 10) + ntt_step vec zeta2 (mk_usize 8) (mk_usize 10) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta2 (sz 9) (sz 11) + ntt_step vec zeta2 (mk_usize 9) (mk_usize 11) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta3 (sz 12) (sz 14) + ntt_step vec zeta3 (mk_usize 12) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta3 (sz 13) (sz 15) + ntt_step vec zeta3 (mk_usize 13) (mk_usize 15) in vec 
@@ -452,28 +462,28 @@ let ntt_layer_2_step (zeta0 zeta1: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 0) (sz 4) + ntt_step vec zeta0 (mk_usize 0) (mk_usize 4) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 1) (sz 5) + ntt_step vec zeta0 (mk_usize 1) (mk_usize 5) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 2) (sz 6) + ntt_step vec zeta0 (mk_usize 2) (mk_usize 6) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 3) (sz 7) + ntt_step vec zeta0 (mk_usize 3) (mk_usize 7) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 8) (sz 12) + ntt_step vec zeta1 (mk_usize 8) (mk_usize 12) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 9) (sz 13) + ntt_step vec zeta1 (mk_usize 9) (mk_usize 13) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 10) (sz 14) + ntt_step vec zeta1 (mk_usize 10) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 11) (sz 15) + ntt_step vec zeta1 (mk_usize 11) (mk_usize 15) in vec 
@@ -483,28 +493,28 @@ let ntt_layer_2_step let ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 0) (sz 8) + ntt_step vec zeta (mk_usize 0) (mk_usize 8) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 1) (sz 9) + ntt_step vec zeta (mk_usize 1) (mk_usize 9) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 2) (sz 10) + ntt_step vec zeta (mk_usize 2) (mk_usize 10) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 3) (sz 11) + ntt_step vec zeta (mk_usize 3) (mk_usize 11) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 4) (sz 12) + ntt_step vec zeta (mk_usize 4) (mk_usize 12) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 5) (sz 13) + ntt_step vec zeta (mk_usize 5) (mk_usize 13) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 6) (sz 14) + ntt_step vec zeta (mk_usize 6) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 7) (sz 15) + ntt_step vec zeta (mk_usize 7) (mk_usize 15) in vec 
@@ -529,35 +539,35 @@ let ntt_multiply in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta0 (sz 0) out + ntt_multiply_binomials lhs rhs zeta0 (mk_usize 0) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta0 (sz 1) out + ntt_multiply_binomials lhs rhs nzeta0 (mk_usize 1) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta1 (sz 2) out + ntt_multiply_binomials lhs rhs zeta1 (mk_usize 2) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta1 (sz 3) out + ntt_multiply_binomials lhs rhs nzeta1 (mk_usize 3) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta2 (sz 4) out + ntt_multiply_binomials lhs rhs zeta2 (mk_usize 4) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta2 (sz 5) out + ntt_multiply_binomials lhs rhs nzeta2 (mk_usize 5) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta3 (sz 6) out + ntt_multiply_binomials lhs rhs zeta3 (mk_usize 6) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - 
ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out + ntt_multiply_binomials lhs rhs nzeta3 (mk_usize 7) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index ef246cd1f..0d93f6625 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,10 +6,10 @@ open FStar.Mul #push-options "--admit_smt_queries true" let rej_sample (a: t_Slice u8) (result: t_Slice i16) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let result, sampled:(t_Slice i16 & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + ((Core.Slice.impl__len #u8 a <: usize) /! mk_usize 3 <: usize) (fun temp_0_ temp_1_ -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in let _:usize = temp_1_ in 
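Review bot: The rewritten bound `fold_range (mk_usize 0) ((Core.Slice.impl__len #u8 a <: usize) /! mk_usize 3 <: usize)` in `rej_sample` sits under the context line `#push-options "--admit_smt_queries true"` at the top of this hunk, so the index obligations for the `a.[ (i *! mk_usize 3 <: usize) +! mk_usize 2 <: usize ]` reads in the following hunk, and the `=. mk_usize 24` / `=. mk_usize 16` length requires in the .fsti, are not actually discharged by this change. If leaving this module lax is intentional, a short comment next to the option stating why sampling is admitted and what is needed to restore checking would help the next reader; otherwise a follow-up should drop the admit, since rejection sampling is where an out-of-bounds read or an accepted value that is not `<. v_FIELD_MODULUS` would silently corrupt the sampled polynomial. rej_sample's body continues into the next hunk.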
@@ -18,26 +18,32 @@ let rej_sample (a: t_Slice u8) (result: t_Slice i16) = (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in let i:usize = i in - let b1:i16 = cast (a.[ (i *! sz 3 <: usize) +! sz 0 <: usize ] <: u8) <: i16 in - let b2:i16 = cast (a.[ (i *! sz 3 <: usize) +! sz 1 <: usize ] <: u8) <: i16 in - let b3:i16 = cast (a.[ (i *! sz 3 <: usize) +! sz 2 <: usize ] <: u8) <: i16 in - let d1:i16 = ((b2 &. 15s <: i16) <>! 4l <: i16) in + let b1:i16 = + cast (a.[ (i *! mk_usize 3 <: usize) +! mk_usize 0 <: usize ] <: u8) <: i16 + in + let b2:i16 = + cast (a.[ (i *! mk_usize 3 <: usize) +! mk_usize 1 <: usize ] <: u8) <: i16 + in + let b3:i16 = + cast (a.[ (i *! mk_usize 3 <: usize) +! mk_usize 2 <: usize ] <: u8) <: i16 + in + let d1:i16 = ((b2 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) in let result, sampled:(t_Slice i16 & usize) = - if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d1 in - result, sampled +! sz 1 <: (t_Slice i16 & usize) + result, sampled +! mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize) in - if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d2 in - result, sampled +! sz 1 <: (t_Slice i16 & usize) + result, sampled +! mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize)) in let hax_temp_output:usize = sampled in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti index 57159cf4c..eaa6fc371 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti @@ -6,8 +6,8 @@ open FStar.Mul val rej_sample (a: t_Slice u8) (result: t_Slice i16) : Prims.Pure (t_Slice i16 & usize) (requires - (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 result <: usize) =. sz 16) + (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 result <: usize) =. mk_usize 16) (ensures fun temp_0_ -> let result_future, res:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 9e7f111dc..1578af5ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst 
@@ -5,255 +5,284 @@ open FStar.Mul let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + (((cast (bytes.[ mk_usize 2 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 2 <: i16) in let r2:i16 = - (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + (((cast (bytes.[ mk_usize 3 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) in let r3:i16 = - ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) + ((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) <>! mk_i32 6 <: i16) in let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + (((cast (bytes.[ mk_usize 7 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 2 <: i16) in let r6:i16 = - (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + (((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) in let r7:i16 = - ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) + ((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) <>! mk_i32 6 <: i16) in r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + (((cast (bytes.[ mk_usize 2 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 3 <: i16) in let r2:i16 = - ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + ((cast (bytes.[ mk_usize 2 ] <: u8) <: i16) >>! mk_i32 6 <: i16) in let r3:i16 = - (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + (((cast (bytes.[ mk_usize 5 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 1 <: i16) in let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 127 <: i16) <>! mk_i32 4 <: i16) in let r5:i16 = - ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 
7l <: i16) + ((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) >>! mk_i32 7 <: i16) in let r6:i16 = - (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + (((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) &. mk_i16 31 <: i16) <>! mk_i32 2 <: i16) in let r7:i16 = - ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) + ((cast (bytes.[ mk_usize 10 ] <: u8) <: i16) <>! mk_i32 5 <: i16) in r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_12_int (bytes: t_Slice u8) = - let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in - let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in - let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in - let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in + let byte0:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in + let byte1:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in + let byte2:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in + let r0:i16 = ((byte1 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 15 <: i16) in r0, r1 <: (i16 & i16) let deserialize_4_int (bytes: t_Slice u8) = - let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in - let v1:i16 = cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let v2:i16 = cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16 in - let v3:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let v4:i16 = cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16 in - let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in - let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in + let v0:i16 = cast ((bytes.[ mk_usize 0 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v1:i16 = cast (((bytes.[ mk_usize 0 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v2:i16 = cast ((bytes.[ mk_usize 1 ] <: u8) &. 
mk_u8 15 <: u8) <: i16 in + let v3:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v4:i16 = cast ((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v5:i16 = cast (((bytes.[ mk_usize 2 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v6:i16 = cast ((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v7:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_5_int (bytes: t_Slice u8) = - let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in + let v0:i16 = cast ((bytes.[ mk_usize 0 ] <: u8) &. mk_u8 31 <: u8) <: i16 in let v1:i16 = - cast ((((bytes.[ sz 1 ] <: u8) &. 3uy <: u8) <>! 5l <: u8) + cast ((((bytes.[ mk_usize 1 ] <: u8) &. mk_u8 3 <: u8) <>! mk_i32 5 <: u8) <: u8) <: i16 in - let v2:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16 in + let v2:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 31 <: u8) <: i16 in let v3:i16 = - cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) + cast ((((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <>! mk_i32 7 <: u8) <: u8) <: i16 in let v4:i16 = - cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) + cast ((((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 1 <: u8) <>! mk_i32 4 <: u8) <: u8) <: i16 in - let v5:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16 in + let v5:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 31 <: u8) <: i16 in let v6:i16 = - cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) + cast ((((bytes.[ mk_usize 4 ] <: u8) &. mk_u8 7 <: u8) <>! mk_i32 6 <: u8) <: u8) <: i16 in - let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in + let v7:i16 = cast ((bytes.[ mk_usize 4 ] <: u8) >>! 
mk_i32 3 <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let serialize_10_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 8 <: i16) &. mk_i16 3 <: i16) <: u8) in let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 6 <: i16) &. mk_i16 15 <: i16) <: u8) in let r3:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) + ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 4 <: i16) &. mk_i16 63 <: i16) <: u8) in - let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in + let r4:u8 = cast (((v.[ mk_usize 3 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in + let r0:u8 = cast (v.[ mk_usize 0 ] <: i16) <: u8 in let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 31 <: i16) <: u8) <>! mk_i32 8 <: i16) <: u8) in let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 5 <: i16) <: u8) in - let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in + let r3:u8 = cast (((v.[ mk_usize 2 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in let r4:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + ((cast ((v.[ mk_usize 3 ] <: i16) &. 
mk_i16 127 <: i16) <: u8) <>! mk_i32 10 <: i16) <: u8) in let r5:u8 = - ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + ((cast ((v.[ mk_usize 4 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 7 <: i16) <: u8) in let r6:u8 = - ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + ((cast ((v.[ mk_usize 5 ] <: i16) &. mk_i16 1 <: i16) <: u8) <>! mk_i32 4 <: i16) <: u8) in - let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in + let r7:u8 = cast (((v.[ mk_usize 5 ] <: i16) >>! mk_i32 1 <: i16) &. mk_i16 255 <: i16) <: u8 in let r8:u8 = - ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + ((cast ((v.[ mk_usize 6 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 9 <: i16) <: u8) in let r9:u8 = - ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + ((cast ((v.[ mk_usize 7 ] <: i16) &. mk_i16 7 <: i16) <: u8) <>! mk_i32 6 <: i16) <: u8) in - let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in + let r10:u8 = cast ((v.[ mk_usize 7 ] <: i16) >>! mk_i32 3 <: i16) <: u8 in r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 <: (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) let serialize_12_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in let r1:u8 = - cast (((v.[ sz 0 ] <: i16) >>! 8l <: i16) |. (((v.[ sz 1 ] <: i16) &. 15s <: i16) <>! mk_i32 8 <: i16) |. + (((v.[ mk_usize 1 ] <: i16) &. mk_i16 15 <: i16) <>! 4l <: i16) &. 255s <: i16) <: u8 in + let r2:u8 = cast (((v.[ mk_usize 1 ] <: i16) >>! mk_i32 4 <: i16) &. mk_i16 255 <: i16) <: u8 in r0, r1, r2 <: (u8 & u8 & u8) let serialize_4_int (v: t_Slice i16) = let result0:u8 = - ((cast (v.[ sz 1 ] <: i16) <: u8) <>! 3l <: i16) |. ((v.[ sz 2 ] <: i16) <>! mk_i32 3 <: i16) |. + ((v.[ mk_usize 2 ] <: i16) <>! 1l <: i16) |. ((v.[ sz 4 ] <: i16) <>! mk_i32 1 <: i16) |. 
+ ((v.[ mk_usize 4 ] <: i16) <>! 4l <: i16) |. ((v.[ sz 5 ] <: i16) <>! mk_i32 4 <: i16) |. + ((v.[ mk_usize 5 ] <: i16) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) <>! mk_i32 2 <: i16) |. + ((v.[ mk_usize 7 ] <: i16) <>! 1l <: u8) &. 1uy <: u8) <: i16 in - let result2:i16 = cast (((v.[ sz 0 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in - let result3:i16 = cast (((v.[ sz 0 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in - let result4:i16 = cast (((v.[ sz 0 ] <: u8) >>! 4l <: u8) &. 1uy <: u8) <: i16 in - let result5:i16 = cast (((v.[ sz 0 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in - let result6:i16 = cast (((v.[ sz 0 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in - let result7:i16 = cast (((v.[ sz 0 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in - let result8:i16 = cast ((v.[ sz 1 ] <: u8) &. 1uy <: u8) <: i16 in - let result9:i16 = cast (((v.[ sz 1 ] <: u8) >>! 1l <: u8) &. 1uy <: u8) <: i16 in - let result10:i16 = cast (((v.[ sz 1 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in - let result11:i16 = cast (((v.[ sz 1 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in - let result12:i16 = cast (((v.[ sz 1 ] <: u8) >>! 4l <: u8) &. 1uy <: u8) <: i16 in - let result13:i16 = cast (((v.[ sz 1 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in - let result14:i16 = cast (((v.[ sz 1 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in - let result15:i16 = cast (((v.[ sz 1 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in + let result0:i16 = cast ((v.[ mk_usize 0 ] <: u8) &. mk_u8 1 <: u8) <: i16 in + let result1:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result2:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result3:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 3 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result4:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result5:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 5 <: u8) &. 
mk_u8 1 <: u8) <: i16 in + let result6:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 6 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result7:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 7 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result8:i16 = cast ((v.[ mk_usize 1 ] <: u8) &. mk_u8 1 <: u8) <: i16 in + let result9:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result10:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result11:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 3 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result12:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result13:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 5 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result14:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 6 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result15:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 7 <: u8) &. mk_u8 1 <: u8) <: i16 in { Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = @@ -423,14 +458,20 @@ let deserialize_1_bounded_lemma inputs = let rec deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + deserialize_10_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 10 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } + deserialize_10_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 10; + Core.Ops.Range.f_end = mk_usize 20 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -477,56 +518,80 @@ let deserialize_10_bounded_lemma inputs = let rec deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 3 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v2_3_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 3; + Core.Ops.Range.f_end = mk_usize 6 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v4_5_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 6; + Core.Ops.Range.f_end = mk_usize 9 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v6_7_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 9; + Core.Ops.Range.f_end = mk_usize 12 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_9_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 12; + Core.Ops.Range.f_end = mk_usize 15 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v10_11_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 15; + Core.Ops.Range.f_end = mk_usize 18 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v12_13_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 18; + 
Core.Ops.Range.f_end = mk_usize 21 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v14_15_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 21; + Core.Ops.Range.f_end = mk_usize 24 + } <: Core.Ops.Range.t_Range usize ] <: @@ -573,14 +638,20 @@ let deserialize_12_bounded_lemma inputs = let rec deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 8 } + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 8 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -627,92 +698,116 @@ let deserialize_4_bounded_lemma inputs = let rec serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = - (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 0 ] <: i16) <: u8) |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 1 ] <: i16) + (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 0 ] <: i16) + <: + u8) |. + ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 1 ] + <: + i16) <: u8) < Prims.l_True) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 11) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 11) (fun _ -> Prims.l_True) val deserialize_12_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 3) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 3) (fun _ -> Prims.l_True) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 4) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 4) (fun _ -> Prims.l_True) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 5) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 5) (fun _ -> Prims.l_True) val serialize_10_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 4) (fun _ -> Prims.l_True) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. 
sz 8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val serialize_12_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 2) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 2) (fun _ -> Prims.l_True) val serialize_4_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 22) (fun _ -> Prims.l_True) val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10) (fun _ -> Prims.l_True) val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 v <: usize) =. sz 2) + (requires (Core.Slice.impl__len #u8 v <: usize) =. 
mk_usize 2) (fun _ -> Prims.l_True) val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma @@ -82,7 +82,7 @@ val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20) (fun _ -> Prims.l_True) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma @@ -93,7 +93,7 @@ val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24) (fun _ -> Prims.l_True) val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma @@ -104,7 +104,7 @@ val deserialize_12_bounded_lemma (inputs: t_Array u8 (sz 24)) : Lemma val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma 
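Review bot: The lemma declarations that remain as context in these hunks still spell the array length with the old constructor — `val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma` immediately after `val deserialize_10_` has been switched to `=. mk_usize 20`, and likewise `deserialize_1_lemma (sz 2)`, `deserialize_12_lemma (sz 24)` and `deserialize_4_lemma (sz 8)` in the neighbouring hunks. If `sz` is still an alias of `mk_usize` this type-checks, but the interface now mixes two spellings of the same length, and the lemmas presumably come from hand-written annotations that the regeneration did not touch. Converting them to `(inputs: t_Array u8 (mk_usize 20))` and so on keeps the lemma types aligned with the `val`s they reason about, so a later removal of `sz` does not break the bit-vector equivalence proofs.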
@@ -114,28 +114,28 @@ val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True) val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) (ensures bit_vec_of_int_t_array (serialize_1_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True) val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 24)) Prims.l_True (fun _ -> Prims.l_True) val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. 
Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) (ensures bit_vec_of_int_t_array (serialize_12_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12) val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst index 70c80f4e5..b6fe2852f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst @@ -7,18 +7,18 @@ let from_i16_array (array: t_Slice i16) = { f_elements = - Core.Result.impl__unwrap #(t_Array i16 (sz 16)) + Core.Result.impl__unwrap #(t_Array i16 (mk_usize 16)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice i16) - #(t_Array i16 (sz 16)) + #(t_Array i16 (mk_usize 16)) #FStar.Tactics.Typeclasses.solve - (array.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + (array.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] <: t_Slice i16) <: - Core.Result.t_Result (t_Array i16 (sz 16)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array i16 (mk_usize 16)) Core.Array.t_TryFromSliceError) } <: t_PortableVector 
@@ -38,4 +38,4 @@ val impl_1': Core.Marker.t_Copy t_PortableVector let impl_1 = impl_1' let zero (_: Prims.unit) = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector + { f_elements = Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 16) } <: t_PortableVector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti index 0d4b6268a..05fb42c6f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti @@ -3,22 +3,22 @@ module Libcrux_ml_kem.Vector.Portable.Vector_type open Core open FStar.Mul -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } +type t_PortableVector = { f_elements:t_Array i16 (mk_usize 16) } val from_i16_array (array: t_Slice i16) : Prims.Pure t_PortableVector - (requires (Core.Slice.impl__len #i16 array <: usize) =. sz 16) + (requires (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16) (ensures fun result -> let result:t_PortableVector = result in result.f_elements == array) val to_i16_array (x: t_PortableVector) - : Prims.Pure (t_Array i16 (sz 16)) + : Prims.Pure (t_Array i16 (mk_usize 16)) Prims.l_True (ensures fun result -> - let result:t_Array i16 (sz 16) = result in + let result:t_Array i16 (mk_usize 16) = result in result == x.f_elements) [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -33,4 +33,4 @@ val zero: Prims.unit (ensures fun result -> let result:t_PortableVector = result in - result.f_elements == Seq.create 16 0s) + result.f_elements == Seq.create 16 (mk_i16 0)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst index e59261ebb..35ab70201 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -31,7 +31,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array i16 (sz 16)) + (out: t_Array i16 (mk_usize 16)) -> true); f_repr @@ -91,11 +91,11 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_ZERO_post = (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - impl.f_repr out == Seq.create 16 0s); + impl.f_repr out == Seq.create 16 (mk_i16 0)); f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ()); f_from_i16_array_pre = - (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16); f_from_i16_array_post = (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -110,7 +110,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array i16 (sz 16)) + (out: t_Array i16 (mk_usize 16)) -> out == impl.f_repr x); f_to_i16_array @@ -209,7 +209,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_shift_right_pre = (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); + v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16); f_shift_right_post = (fun @@ -217,7 +217,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + (v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr v)); f_shift_right = 
@@ -234,7 +234,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr v)); + Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) + (impl.f_repr v)); f_cond_subtract_3329_ = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -538,14 +539,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 2)) + (out: t_Array u8 (mk_usize 2)) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr a) out); f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a); - f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); + f_deserialize_1_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2); f_deserialize_1_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -559,14 +562,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 8)) + (out: t_Array u8 (mk_usize 8)) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr a) out); f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a); - f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); + f_deserialize_4_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8); f_deserialize_4_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> 
@@ -579,13 +584,15 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 10)) + (out: t_Array u8 (mk_usize 10)) -> true); f_serialize_5_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a); - f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10); + f_deserialize_5_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10); f_deserialize_5_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -598,14 +605,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 20)) + (out: t_Array u8 (mk_usize 20)) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr a) out); f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a); - f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20); + f_deserialize_10_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20); f_deserialize_10_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> 
@@ -618,13 +627,15 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 22)) + (out: t_Array u8 (mk_usize 22)) -> true); f_serialize_11_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a); - f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22); + f_deserialize_11_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 22); f_deserialize_11_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -637,14 +648,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 24)) + (out: t_Array u8 (mk_usize 24)) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr a) out); f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a); - f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24); + f_deserialize_12_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24); f_deserialize_12_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -653,8 +666,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> - (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 out <: usize) =. sz 16); + (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 out <: usize) =. mk_usize 16); f_rej_sample_post = (fun (a: t_Slice u8) (out: t_Slice i16) (out_future, result: (t_Slice i16 & usize)) -> 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index c9cf458ce..73da686ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -12,19 +12,19 @@ let _ = val deserialize_11_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 22) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 22) (fun _ -> Prims.l_True) val deserialize_5_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 10) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10) (fun _ -> Prims.l_True) val serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) val serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Libcrux_ml_kem.Vector.Traits.t_Repr @@ -32,7 +32,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector val deserialize_1_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 2) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in 
@@ -40,7 +40,7 @@ val deserialize_1_ (a: t_Slice u8) val deserialize_10_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 20) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in @@ -48,7 +48,7 @@ val deserialize_10_ (a: t_Slice u8) val deserialize_12_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 24) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in 
@@ -56,45 +56,45 @@ val deserialize_12_ (a: t_Slice u8) val deserialize_4_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)) val serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 2)) + : Prims.Pure (t_Array u8 (mk_usize 2)) (requires Spec.MLKEM.serialize_pre 1 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 2) = out in + let out:t_Array u8 (mk_usize 2) = out in Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr a) out) val serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 20)) + : Prims.Pure (t_Array u8 (mk_usize 20)) (requires Spec.MLKEM.serialize_pre 10 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 20) = out in + let out:t_Array u8 (mk_usize 20) = out in Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr a) out) val serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 24)) + : Prims.Pure (t_Array u8 (mk_usize 24)) (requires Spec.MLKEM.serialize_pre 12 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 24) = out in + let out:t_Array u8 (mk_usize 24) = out in Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr a) out) val serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 8)) + : Prims.Pure (t_Array u8 (mk_usize 8)) (requires Spec.MLKEM.serialize_pre 4 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 8) = out in + let out:t_Array u8 
(mk_usize 8) = out in Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr a) out) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti index 3d4f6be0a..266647e09 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti 
@@ -3,2018 +3,2054 @@ module Libcrux_ml_kem.Vector.Rej_sample_table open Core open FStar.Mul -let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = +let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (mk_usize 16)) (mk_usize 256) = let list = [ (let list = [ - 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy; 255uy + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 
255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); 
(let list = [ - 0uy; 1uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm 
(Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in 
FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 
] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; 
mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; + 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 
255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 
11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; 
+ mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 12; 
mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; 
mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; 
mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; 
mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; 
mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 
13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; 
mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 
7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 
11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; 
mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 
12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 
255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 
7; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 
15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 
14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; 
mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 
255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; 
mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; 
mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 
14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; 
mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 
] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm 
(Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 
(List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 
(List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 
list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 
10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 534f1aae9..422de332c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -12,7 +12,7 @@ let decompress_1_ = let z:v_T = f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () in let _:Prims.unit = - assert (forall i. Seq.index (i1._super_12682756204189288427.f_repr z) i == 0s) + assert (forall i. Seq.index (i1._super_12682756204189288427.f_repr z) i == mk_i16 0) in let _:Prims.unit = assert (forall i. 
@@ -28,11 +28,11 @@ let decompress_1_ let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = assert (forall i. - Seq.index (i1._super_12682756204189288427.f_repr s) i == 0s \/ - Seq.index (i1._super_12682756204189288427.f_repr s) i == (-1s)) + Seq.index (i1._super_12682756204189288427.f_repr s) i == mk_i16 0 \/ + Seq.index (i1._super_12682756204189288427.f_repr s) i == mk_i16 (- 1)) in - let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in - f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s + let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s (mk_i16 1665)) in + f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s (mk_i16 1665) #pop-options @@ -60,7 +60,7 @@ let to_unsigned_representative (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) (a: v_T) = - let t:v_T = f_shift_right #v_T #FStar.Tactics.Typeclasses.solve 15l a in + let t:v_T = f_shift_right #v_T #FStar.Tactics.Typeclasses.solve (mk_i32 15) a in let fm:v_T = f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve t v_FIELD_MODULUS in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 8b0564a28..9e4fe574b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti 
@@ -3,25 +3,25 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul -let v_BARRETT_SHIFT: i32 = 26l +let v_BARRETT_SHIFT: i32 = mk_i32 26 -let v_BARRETT_R: i32 = 1l < pred: Type0{true ==> pred}; - f_repr_post:v_Self -> t_Array i16 (sz 16) -> Type0; + f_repr_post:v_Self -> t_Array i16 (mk_usize 16) -> Type0; f_repr:x0: v_Self - -> Prims.Pure (t_Array i16 (sz 16)) (f_repr_pre x0) (fun result -> f_repr_post x0 result) + -> Prims.Pure (t_Array i16 (mk_usize 16)) (f_repr_pre x0) (fun result -> f_repr_post x0 result) } class t_Operations (v_Self: Type0) = { @@ -39,19 +39,19 @@ class t_Operations (v_Self: Type0) = { Type0 { pred ==> (let _:Prims.unit = x in - f_repr result == Seq.create 16 0s) }; + f_repr result == Seq.create 16 (mk_i16 0)) }; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); f_from_i16_array_pre:array: t_Slice i16 - -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. sz 16 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16 ==> pred}; f_from_i16_array_post:array: t_Slice i16 -> result: v_Self -> pred: Type0{pred ==> f_repr result == array}; f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; - f_to_i16_array_post:x: v_Self -> result: t_Array i16 (sz 16) + f_to_i16_array_post:x: v_Self -> result: t_Array i16 (mk_usize 16) -> pred: Type0{pred ==> f_repr x == result}; f_to_i16_array:x0: v_Self - -> Prims.Pure (t_Array i16 (sz 16)) + -> Prims.Pure (t_Array i16 (mk_usize 16)) (f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); f_add_pre:lhs: v_Self -> rhs: v_Self 
@@ -114,12 +114,12 @@ class t_Operations (v_Self: Type0) = { (f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self - -> pred: Type0{v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l ==> pred}; + -> pred: Type0{v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16 ==> pred}; f_shift_right_post:v_SHIFT_BY: i32 -> v: v_Self -> result: v_Self -> pred: Type0 { pred ==> - (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + (v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> f_repr result == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (f_repr v) }; f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self -> Prims.Pure v_Self @@ -132,7 +132,8 @@ class t_Operations (v_Self: Type0) = { Type0 { pred ==> f_repr result == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr v) }; + Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) + (f_repr v) }; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) 
@@ -303,63 +304,63 @@ class t_Operations (v_Self: Type0) = { (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); f_serialize_1_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; - f_serialize_1_post:a: v_Self -> result: t_Array u8 (sz 2) + f_serialize_1_post:a: v_Self -> result: t_Array u8 (mk_usize 2) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 1 (f_repr a) ==> Spec.MLKEM.serialize_post 1 (f_repr a) result }; f_serialize_1_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 2)) + -> Prims.Pure (t_Array u8 (mk_usize 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); f_deserialize_1_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 2 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2 ==> pred}; f_deserialize_1_post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (f_repr result)}; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); f_serialize_4_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; - f_serialize_4_post:a: v_Self -> result: t_Array u8 (sz 8) + f_serialize_4_post:a: v_Self -> result: t_Array u8 (mk_usize 8) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 4 (f_repr a) ==> Spec.MLKEM.serialize_post 4 (f_repr a) result }; f_serialize_4_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 8)) + -> Prims.Pure (t_Array u8 (mk_usize 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); f_deserialize_4_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 8 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8 ==> pred}; f_deserialize_4_post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 a (f_repr result)}; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); f_serialize_5_pre:v_Self -> Type0; - f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; + f_serialize_5_post:v_Self -> t_Array u8 (mk_usize 10) -> Type0; f_serialize_5_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 10)) + -> Prims.Pure (t_Array u8 (mk_usize 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); f_deserialize_5_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 10 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10 ==> pred}; f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); f_serialize_10_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; - f_serialize_10_post:a: v_Self -> result: t_Array u8 (sz 20) + f_serialize_10_post:a: v_Self -> result: t_Array u8 (mk_usize 20) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 10 (f_repr a) ==> Spec.MLKEM.serialize_post 10 (f_repr a) result }; f_serialize_10_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 20)) + -> Prims.Pure (t_Array u8 (mk_usize 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); f_deserialize_10_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 20 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20 ==> pred}; f_deserialize_10_post:a: t_Slice u8 -> result: v_Self -> pred: Type0 
@@ -367,29 +368,29 @@ class t_Operations (v_Self: Type0) = { f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); f_serialize_11_pre:v_Self -> Type0; - f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; + f_serialize_11_post:v_Self -> t_Array u8 (mk_usize 22) -> Type0; f_serialize_11_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 22)) + -> Prims.Pure (t_Array u8 (mk_usize 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); f_deserialize_11_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 22 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 22 ==> pred}; f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); f_serialize_12_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; - f_serialize_12_post:a: v_Self -> result: t_Array u8 (sz 24) + f_serialize_12_post:a: v_Self -> result: t_Array u8 (mk_usize 24) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 12 (f_repr a) ==> Spec.MLKEM.serialize_post 12 (f_repr a) result }; f_serialize_12_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 24)) + -> Prims.Pure (t_Array u8 (mk_usize 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); f_deserialize_12_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 24 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 ==> pred}; f_deserialize_12_post:a: t_Slice u8 -> result: v_Self -> pred: Type0 
@@ -399,8 +400,8 @@ class t_Operations (v_Self: Type0) = { f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0 - { (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 out <: usize) =. sz 16 ==> + { (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 out <: usize) =. mk_usize 16 ==> pred }; f_rej_sample_post:a: t_Slice u8 -> out: t_Slice i16 -> x: (t_Slice i16 & usize) -> pred: @@ -419,7 +420,7 @@ val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) (requires forall i. let x = Seq.index (i1._super_12682756204189288427.f_repr vec) i in - (x == 0s \/ x == 1s)) + (x == mk_i16 0 \/ x == mk_i16 1)) (fun _ -> Prims.l_True) val montgomery_multiply_fe (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) (fer: i16) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index dc97bb645..9a4aff266 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -5,8 +5,8 @@ open FStar.Mul open Core open Spec.Utils -let v_FIELD_MODULUS: i32 = 3329l -let is_rank (r:usize) = v r == 2 \/ v r == 3 \/ v r == 4 +let v_FIELD_MODULUS: i32 = mk_i32 3329 +let is_rank (r:usize) = r == sz 2 \/ r == sz 3 \/ r == sz 4 type rank = r:usize{is_rank r} diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 5fc57dfcc..8d4ed7f47 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst 
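Review bot: The rewritten `is_rank` now compares machine integers (`r == sz 2 \/ r == sz 3 \/ r == sz 4`) while the same rank predicate elsewhere in the spec, e.g. the `v_PRFxN` refinement in Spec.Utils.fst (`v r == 2 \/ v r == 3 \/ v r == 4`), keeps the mathematical-value form, so two spellings of one predicate now coexist. They should be equivalent since `v` is injective on `usize`, but a reader has to check that by hand. If the `sz k` form is what the lax/normalisation setup needs here, a one-line comment on `is_rank` saying so would help, e.g. `(* Compared on usize values rather than on [v r]; the [v r == k] form still appears in Spec.Utils (v_PRFxN). *)`.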
@@ -39,13 +39,17 @@ val v_VECTOR_U_COMPRESSION_FACTOR (r:rank) : u:usize{u == sz 10 \/ u == sz 11} let v_VECTOR_U_COMPRESSION_FACTOR (r:rank) : usize = if r = sz 2 then sz 10 else if r = sz 3 then sz 10 else - if r = sz 4 then sz 11 + if r = sz 4 then sz 11 else ( + assert (false); + sz 0) val v_VECTOR_V_COMPRESSION_FACTOR (r:rank) : u:usize{u == sz 4 \/ u == sz 5} let v_VECTOR_V_COMPRESSION_FACTOR (r:rank) : usize = if r = sz 2 then sz 4 else if r = sz 3 then sz 4 else - if r = sz 4 then sz 5 + if r = sz 4 then sz 5 else ( + assert (false); + sz 0) val v_ETA1_RANDOMNESS_SIZE (r:rank) : u:usize{u == sz 128 \/ u == sz 192} let v_ETA1_RANDOMNESS_SIZE (r:rank) = v_ETA1 r *! sz 64 @@ -132,7 +136,7 @@ let sample_polynomial_ntt seed = if sampled < 256 then poly0, false else poly1, true let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x <= 4})) : polynomial & bool = - let seed34 = Seq.append seed (Seq.create 2 0uy) in + let seed34 = Seq.append seed (Seq.create 2 (mk_u8 0)) in let seed34 = Rust_primitives.Hax.update_at seed34 (sz 32) (mk_int #u8_inttype (v i)) in let seed34 = Rust_primitives.Hax.update_at seed34 (sz 33) (mk_int #u8_inttype (v j)) in sample_polynomial_ntt seed34 diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index cbe51c827..4fcf793dd 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst 
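Review bot: The new fallthrough `else ( assert (false); sz 0)` in `v_VECTOR_U_COMPRESSION_FACTOR`, and the matching one in `v_VECTOR_V_COMPRESSION_FACTOR`, returns `sz 0`, a value outside the refinement `u == sz 10 \/ u == sz 11` (resp. `u == sz 4 \/ u == sz 5`) declared on the `val`. The `assert (false)` is only discharged by the `rank` refinement on `r`; if this module is lax-checked, as the commit title suggests, the assertion is never verified and the function silently yields an out-of-range compression factor for any non-rank argument. Since `r : rank` already restricts it to 2, 3 or 4, the final test is redundant and the branch can be `else sz 11` in the U variant and `else sz 5` in the V variant, which keeps the result inside the declared refinement with no dead value.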
@@ -116,15 +116,18 @@ type t_Result a b = (** Hash Function *) open Spec.SHA3 +let to_secret_byte (x:u8) : Lib.IntTypes.uint8 = Lib.IntTypes.secret (to_uint8 x) +let from_secret_byte (x:Lib.IntTypes.uint8) : u8 = from_uint8 (Lib.RawIntTypes.u8_to_UInt8 x) + val v_G (input: t_Slice u8) : t_Array u8 (sz 64) -let v_G input = map_slice Lib.RawIntTypes.u8_to_UInt8 (sha3_512 (Seq.length input) (map_slice Lib.IntTypes.secret input)) +let v_G input = map_slice from_secret_byte (sha3_512 (Seq.length input) (map_slice to_secret_byte input)) val v_H (input: t_Slice u8) : t_Array u8 (sz 32) -let v_H input = map_slice Lib.RawIntTypes.u8_to_UInt8 (sha3_256 (Seq.length input) (map_slice Lib.IntTypes.secret input)) +let v_H input = map_slice from_secret_byte (sha3_256 (Seq.length input) (map_slice to_secret_byte input)) val v_PRF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_LEN -let v_PRF v_LEN input = map_slice Lib.RawIntTypes.u8_to_UInt8 ( - shake256 (Seq.length input) (map_slice Lib.IntTypes.secret input) (v v_LEN)) +let v_PRF v_LEN input = map_slice from_secret_byte ( + shake256 (Seq.length input) (map_slice to_secret_byte input) (v v_LEN)) assume val v_PRFxN (r:usize{v r == 2 \/ v r == 3 \/ v r == 4}) (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Array (t_Array u8 (sz 33)) r) : t_Array (t_Array u8 v_LEN) r @@ -132,8 +135,8 @@ assume val v_PRFxN (r:usize{v r == 2 \/ v r == 3 \/ v r == 4}) (v_LEN: usize{v v let v_J (input: t_Slice u8) : t_Array u8 (sz 32) = v_PRF (sz 32) input val v_XOF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_LEN -let v_XOF v_LEN input = map_slice Lib.RawIntTypes.u8_to_UInt8 ( - shake128 (Seq.length input) (map_slice Lib.IntTypes.secret input) (v v_LEN)) +let v_XOF v_LEN input = map_slice from_secret_byte ( + shake128 (Seq.length input) (map_slice to_secret_byte input) (v v_LEN)) let update_at_range_lemma #n (s: t_Slice 't) 
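Review bot: The new `to_secret_byte`/`from_secret_byte` helpers carry no comment, yet `from_secret_byte` is the single point where the secret `Lib.IntTypes.uint8` values returned by `sha3_512`/`sha3_256`/`shake256` are declassified back to plain `u8` via `Lib.RawIntTypes.u8_to_UInt8`. A reader coming from the implementation side should be told this is deliberate at spec level; suggest placing `(* Bridge between the u8 of the hax extraction and the secret Lib.IntTypes.uint8 consumed by Spec.SHA3. from_secret_byte declassifies via Lib.RawIntTypes; acceptable here because this module is a specification, not an implementation. *)` above the two `let`s. The same bridge is applied to `v_XOF` in the following hunk.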
@@ -250,16 +253,16 @@ let lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) = () let mont_mul_red_i16 (x:i16) (y:i16) : i16= let vlow = x *. y in - let k = vlow *. (neg 3327s) in - let k_times_modulus = cast (((cast k <: i32) *. 3329l) >>! 16l) <: i16 in - let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in + let k = vlow *. (neg (mk_i16 3327)) in + let k_times_modulus = cast (((cast k <: i32) *. (mk_i32 3329)) >>! (mk_i32 16)) <: i16 in + let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16 in vhigh -. k_times_modulus let mont_red_i32 (x:i32) : i16 = let vlow = cast x <: i16 in - let k = vlow *. (neg 3327s) in - let k_times_modulus = cast (((cast k <: i32) *. 3329l) >>! 16l) <: i16 in - let vhigh = cast (x >>! 16l) <: i16 in + let k = vlow *. (neg (mk_i16 3327)) in + let k_times_modulus = cast (((cast k <: i32) *. (mk_i32 3329)) >>! (mk_i32 16)) <: i16 in + let vhigh = cast (x >>! (mk_i32 16)) <: i16 in vhigh -. k_times_modulus #push-options "--z3rlimit 100" @@ -295,16 +298,16 @@ val lemma_mont_red_i32 (x:i32): Lemma let lemma_mont_red_i32 (x:i32) = let vlow = cast x <: i16 in assert (v vlow == v x @% pow2 16); - let k = vlow *. (neg 3327s) in + let k = vlow *. (neg (mk_i16 3327)) in assert (v k == ((v x @% pow2 16) * (- 3327)) @% pow2 16); - let k_times_modulus = (cast k <: i32) *. 3329l in + let k_times_modulus = (cast k <: i32) *. (mk_i32 3329) in assert (v k_times_modulus == (v k * 3329)); - let c = cast (k_times_modulus >>! 16l) <: i16 in + let c = cast (k_times_modulus >>! (mk_i32 16)) <: i16 in assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); lemma_div_at_percent (v k * 3329) (pow2 16); assert (v c == (((v k * 3329) / pow2 16))); assert (is_i16b 1665 c); - let vhigh = cast (x >>! 16l) <: i16 in + let vhigh = cast (x >>! (mk_i32 16)) <: i16 in lemma_div_at_percent (v x) (pow2 16); assert (v vhigh == v x / pow2 16); assert (is_i16b 3328 vhigh); 
@@ -368,16 +371,16 @@ let lemma_mont_mul_red_i16_int (x y:i16) = let vlow = x *. y in let prod = v x * v y in assert (v vlow == prod @% pow2 16); - let k = vlow *. (neg 3327s) in + let k = vlow *. (neg (mk_i16 3327)) in assert (v k == (((prod) @% pow2 16) * (- 3327)) @% pow2 16); - let k_times_modulus = (cast k <: i32) *. 3329l in + let k_times_modulus = (cast k <: i32) *. (mk_i32 3329) in assert (v k_times_modulus == (v k * 3329)); - let c = cast (k_times_modulus >>! 16l) <: i16 in + let c = cast (k_times_modulus >>! (mk_i32 16)) <: i16 in assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); lemma_div_at_percent (v k * 3329) (pow2 16); assert (v c == (((v k * 3329) / pow2 16))); assert (is_i16b 1665 c); - let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in + let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16 in assert (v x @% pow2 32 == v x); assert (v y @% pow2 32 == v y); assert (v ((cast x <: i32) *. (cast y <: i32)) == (v x * v y) @% pow2 32); @@ -448,10 +451,10 @@ let lemma_mont_mul_red_i16 x y = else lemma_mont_mul_red_i16_int x y let barrett_red (x:i16) = - let t1 = cast (((cast x <: i32) *. (cast 20159s <: i32)) >>! 16l) <: i16 in - let t2 = t1 +. 512s in - let q = t2 >>! 10l in - let qm = q *. 3329s in + let t1 = cast (((cast x <: i32) *. (cast (mk_i16 20159) <: i32)) >>! (mk_i32 16)) <: i16 in + let t2 = t1 +. (mk_i16 512) in + let q = t2 >>! (mk_i32 10) in + let qm = q *. (mk_i16 3329) in x -. qm let lemma_barrett_red (x:i16) : Lemma 
@@ -463,22 +466,22 @@ let lemma_barrett_red (x:i16) : Lemma = admit() let cond_sub (x:i16) = - let xm = x -. 3329s in - let mask = xm >>! 15l in - let mm = mask &. 3329s in + let xm = x -. (mk_i16 3329) in + let mask = xm >>! (mk_i32 15) in + let mm = mask &. (mk_i16 3329) in xm +. mm let lemma_cond_sub x: Lemma (let r = cond_sub x in - if x >=. 3329s then r == x -! 3329s else r == x) + if x >=. (mk_i16 3329) then r == x -! (mk_i16 3329) else r == x) [SMTPat (cond_sub x)] = admit() let lemma_shift_right_15_i16 (x:i16): - Lemma (if v x >= 0 then (x >>! 15l) == 0s else (x >>! 15l) == -1s) = - Rust_primitives.Integers.mk_int_v_lemma #i16_inttype 0s; - Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (-1s); + Lemma (if v x >= 0 then (x >>! (mk_i32 15)) == mk_i16 0 else (x >>! (mk_i32 15)) == (mk_i16 (-1))) = + Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (mk_i16 0); + Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (mk_i16 (-1)); () val ntt_spec #len (vec_in: t_Array i16 len) (zeta: int) (i: nat{i < v len}) (j: nat{j < v len}) diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs index b462a2cff..649be46ae 100644 --- a/libcrux-ml-kem/src/constant_time_ops.rs +++ b/libcrux-ml-kem/src/constant_time_ops.rs @@ -11,8 +11,8 @@ use crate::constants::SHARED_SECRET_SIZE; // XXX: We have to disable this for C extraction for now. See eurydice/issues#37 /// Return 1 if `value` is not zero and 0 otherwise. -#[hax_lib::ensures(|result| fstar!(r#"($value == 0uy ==> $result == 0uy) /\ - ($value =!= 0uy ==> $result == 1uy)"#))] +#[hax_lib::ensures(|result| fstar!(r#"($value == (mk_u8 0) ==> $result == (mk_u8 0)) /\ + ($value =!= (mk_u8 0) ==> $result == (mk_u8 1))"#))] fn inz(value: u8) -> u8 { let _orig_value = value; let value = value as u16; 
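Review bot: The restated `lemma_cond_sub` (and `lemma_barrett_red` at the top of the hunk) still ends in `= admit()`, and because `lemma_cond_sub` carries `[SMTPat (cond_sub x)]` that admit is pulled into every proof mentioning `cond_sub`, including the `Spec.Utils.cond_sub` assertions in the AVX2 `cond_subtract_3329` later in this patch. The commit rewrites the literal syntax of the statement but leaves the trust assumption unmarked. I would at least flag it in place, `(* TODO: admitted; correctness of the constant-time conditional subtraction is assumed here *)`, so the obligation is visible to anyone auditing what this proof actually establishes.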
@@ -22,15 +22,15 @@ fn inz(value: u8) -> u8 { r#"if v $_orig_value = 0 then ( assert($value == zero); lognot_lemma $value; - assert((~.$value +. 1us) == zero); - assert((Core.Num.impl__u16__wrapping_add (~.$value <: u16) 1us <: u16) == zero); + assert((~.$value +. (mk_u16 1)) == zero); + assert((Core.Num.impl__u16__wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) == zero); logor_lemma $value zero; - assert(($value |. (Core.Num.impl__u16__wrapping_add (~.$value <: u16) 1us <: u16) <: u16) == $value); - assert (v $result == v (($value >>! 8l))); + assert(($value |. (Core.Num.impl__u16__wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) <: u16) == $value); + assert (v $result == v (($value >>! (mk_i32 8)))); assert ((v $value / pow2 8) == 0); - assert ($result == 0uy); - logand_lemma 1uy $result; - assert ($res == 0uy)) + assert ($result == (mk_u8 0)); + logand_lemma (mk_u8 1) $result; + assert ($res == (mk_u8 0))) else ( assert (v $value <> 0); lognot_lemma $value; 
@@ -40,17 +40,17 @@ fn inz(value: u8) -> u8 { assert ((v (~.$value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v $value)); assert ((v (~.$value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v $value)); assert ((v (~.$value) + 1)/pow2 8 = (pow2 8 - 1)); - assert (v ((Core.Num.impl__u16__wrapping_add (~.$value <: u16) 1us <: u16) >>! 8l) = pow2 8 - 1); + assert (v ((Core.Num.impl__u16__wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) >>! (mk_i32 8)) = pow2 8 - 1); assert ($result = ones); - logand_lemma 1uy $result; - assert ($res = 1uy))"# + logand_lemma (mk_u8 1) $result; + assert ($res = (mk_u8 1)))"# ); res } #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. -#[hax_lib::ensures(|result| fstar!(r#"($value == 0uy ==> $result == 0uy) /\ - ($value =!= 0uy ==> $result == 1uy)"#))] +#[hax_lib::ensures(|result| fstar!(r#"($value == (mk_u8 0) ==> $result == (mk_u8 0)) /\ + ($value =!= (mk_u8 0) ==> $result == (mk_u8 1))"#))] fn is_non_zero(value: u8) -> u8 { #[cfg(eurydice)] return inz(value); @@ -62,8 +62,8 @@ fn is_non_zero(value: u8) -> u8 { /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. #[hax_lib::requires(lhs.len() == rhs.len())] -#[hax_lib::ensures(|result| fstar!(r#"($lhs == $rhs ==> $result == 0uy) /\ - ($lhs =!= $rhs ==> $result == 1uy)"#))] +#[hax_lib::ensures(|result| fstar!(r#"($lhs == $rhs ==> $result == (mk_u8 0)) /\ + ($lhs =!= $rhs ==> $result == (mk_u8 1))"#))] fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { let mut r: u8 = 0; for i in 0..lhs.len() { 
@@ -71,13 +71,13 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { fstar!( r#"v $i <= Seq.length $lhs /\ (if (Seq.slice $lhs 0 (v $i) = Seq.slice $rhs 0 (v $i)) then - $r == 0uy - else ~ ($r == 0uy))"# + $r == (mk_u8 0) + else ~ ($r == (mk_u8 0)))"# ) }); let nr = r | (lhs[i] ^ rhs[i]); hax_lib::fstar!( - r#"if $r =. 0uy then ( + r#"if $r =. (mk_u8 0) then ( if (Seq.index $lhs (v $i) = Seq.index $rhs (v $i)) then ( logxor_lemma (Seq.index $lhs (v $i)) (Seq.index $rhs (v $i)); assert (((${lhs}.[ $i ] <: u8) ^. (${rhs}.[ $i ] <: u8) <: u8) = zero); @@ -118,15 +118,15 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { lhs.len() == rhs.len() && lhs.len() == SHARED_SECRET_SIZE )] -#[hax_lib::ensures(|result| fstar!(r#"($selector == 0uy ==> $result == $lhs) /\ - ($selector =!= 0uy ==> $result == $rhs)"#))] +#[hax_lib::ensures(|result| fstar!(r#"($selector == (mk_u8 0) ==> $result == $lhs) /\ + ($selector =!= (mk_u8 0) ==> $result == $rhs)"#))] #[hax_lib::fstar::options("--ifuel 0 --z3rlimit 50")] fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { let mask = is_non_zero(selector).wrapping_sub(1); hax_lib::fstar!( - "assert (if $selector = 0uy then $mask = ones else $mask = zero); + "assert (if $selector = (mk_u8 0) then $mask = ones else $mask = zero); lognot_lemma $mask; - assert (if $selector = 0uy then ~.$mask = zero else ~.$mask = ones)" + assert (if $selector = (mk_u8 0) then ~.$mask = zero else ~.$mask = ones)" ); let mut out = [0u8; SHARED_SECRET_SIZE]; 
@@ -134,14 +134,14 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { hax_lib::loop_invariant!(|i: usize| { fstar!( r#"v $i <= v $SHARED_SECRET_SIZE /\ - (forall j. j < v $i ==> (if ($selector =. 0uy) then Seq.index $out j == Seq.index $lhs j else Seq.index $out j == Seq.index $rhs j)) /\ - (forall j. j >= v $i ==> Seq.index $out j == 0uy)"# + (forall j. j < v $i ==> (if ($selector =. (mk_u8 0)) then Seq.index $out j == Seq.index $lhs j else Seq.index $out j == Seq.index $rhs j)) /\ + (forall j. j >= v $i ==> Seq.index $out j == (mk_u8 0))"# ) }); - hax_lib::fstar!(r#"assert ((${out}.[ $i ] <: u8) = 0uy)"#); + hax_lib::fstar!(r#"assert ((${out}.[ $i ] <: u8) = (mk_u8 0))"#); let outi = (lhs[i] & mask) | (rhs[i] & !mask); hax_lib::fstar!( - r#"if ($selector = 0uy) then ( + r#"if ($selector = (mk_u8 0)) then ( logand_lemma (${lhs}.[ $i ] <: u8) $mask; assert (((${lhs}.[ $i ] <: u8) &. $mask <: u8) == (${lhs}.[ $i ] <: u8)); logand_lemma (${rhs}.[ $i ] <: u8) (~.$mask); @@ -169,7 +169,7 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { } hax_lib::fstar!( - "if ($selector =. 0uy) then ( + "if ($selector =. (mk_u8 0)) then ( eq_intro $out $lhs ) else ( @@ -181,8 +181,8 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. #[hax_lib::requires(lhs.len() == rhs.len())] -#[hax_lib::ensures(|result| fstar!(r#"($lhs == $rhs ==> $result == 0uy) /\ - ($lhs =!= $rhs ==> $result == 1uy)"#))] +#[hax_lib::ensures(|result| fstar!(r#"($lhs == $rhs ==> $result == (mk_u8 0)) /\ + ($lhs =!= $rhs ==> $result == (mk_u8 1))"#))] pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 { #[cfg(eurydice)] return compare(lhs, rhs); 
@@ -196,8 +196,8 @@ pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 lhs.len() == rhs.len() && lhs.len() == SHARED_SECRET_SIZE )] -#[hax_lib::ensures(|result| fstar!(r#"($selector == 0uy ==> $result == $lhs) /\ - ($selector =!= 0uy ==> $result == $rhs)"#))] +#[hax_lib::ensures(|result| fstar!(r#"($selector == (mk_u8 0) ==> $result == $lhs) /\ + ($selector =!= (mk_u8 0) ==> $result == $rhs)"#))] pub(crate) fn select_shared_secret_in_constant_time( lhs: &[u8], rhs: &[u8], @@ -215,9 +215,9 @@ pub(crate) fn select_shared_secret_in_constant_time( lhs_s.len() == rhs_s.len() && lhs_s.len() == SHARED_SECRET_SIZE )] -#[hax_lib::ensures(|result| fstar!(r#"let selector = if $lhs_c =. $rhs_c then 0uy else 1uy in - ((selector == 0uy ==> $result == $lhs_s) /\ - (selector =!= 0uy ==> $result == $rhs_s))"#))] +#[hax_lib::ensures(|result| fstar!(r#"let selector = if $lhs_c =. $rhs_c then (mk_u8 0) else (mk_u8 1) in + ((selector == (mk_u8 0) ==> $result == $lhs_s) /\ + (selector =!= (mk_u8 0) ==> $result == $rhs_s))"#))] pub(crate) fn compare_ciphertexts_select_shared_secret_in_constant_time( lhs_c: &[u8], rhs_c: &[u8], diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 2434eafea..a91003d31 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -254,8 +254,8 @@ pub(crate) fn ntt_at_layer_4_plus( (re_0 re_1: v_Vector) = (forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) - (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\ - (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v ((mk_i16 (-1600))))) /\ + (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 ((mk_i16 (-1600))) in (forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) - 
diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 080d8e41b..36cb7153e 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -178,21 +178,21 @@ fn sample_from_binomial_distribution_2( let even_bits = random_bits_as_u32 & 0x55555555; let odd_bits = (random_bits_as_u32 >> 1) & 0x55555555; - hax_lib::fstar!(r#"logand_lemma $random_bits_as_u32 1431655765ul; - logand_lemma ($random_bits_as_u32 >>! 1l) 1431655765ul"#); + hax_lib::fstar!(r#"logand_lemma $random_bits_as_u32 (mk_u32 1431655765); + logand_lemma ($random_bits_as_u32 >>! (mk_i32 1)) (mk_u32 1431655765)"#); let coin_toss_outcomes = even_bits + odd_bits; cloop! { for outcome_set in (0..u32::BITS).step_by(4) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x3) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 2)) & 0x3) as i16; - hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 3ul; - logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 2ul <: u32) <: u32) 3ul; + hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) (mk_u32 3); + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! (mk_u32 2) <: u32) <: u32) (mk_u32 3); assert (v $outcome_1 >= 0 /\ v $outcome_1 <= 3); assert (v $outcome_2 >= 0 /\ v $outcome_2 <= 3); assert (v $chunk_number <= 31); assert (v (sz 8 *! $chunk_number <: usize) <= 248); - assert (v (cast ($outcome_set >>! 2l <: u32) <: usize) <= 7)"#); + assert (v (cast ($outcome_set >>! (mk_i32 2) <: u32) <: usize) <= 7)"#); let offset = (outcome_set >> 2) as usize; sampled_i16s[8 * chunk_number + offset] = outcome_1 - outcome_2; 
@@ -228,9 +228,9 @@ fn sample_from_binomial_distribution_3( let first_bits = random_bits_as_u24 & 0x00249249; let second_bits = (random_bits_as_u24 >> 1) & 0x00249249; let third_bits = (random_bits_as_u24 >> 2) & 0x00249249; - hax_lib::fstar!(r#"logand_lemma $random_bits_as_u24 2396745ul; - logand_lemma ($random_bits_as_u24 >>! 1l <: u32) 2396745ul; - logand_lemma ($random_bits_as_u24 >>! 2l <: u32) 2396745ul"#); + hax_lib::fstar!(r#"logand_lemma $random_bits_as_u24 (mk_u32 2396745); + logand_lemma ($random_bits_as_u24 >>! (mk_i32 1) <: u32) (mk_u32 2396745); + logand_lemma ($random_bits_as_u24 >>! (mk_i32 2) <: u32) (mk_u32 2396745)"#); let coin_toss_outcomes = first_bits + second_bits + third_bits; @@ -238,13 +238,13 @@ fn sample_from_binomial_distribution_3( for outcome_set in (0..24).step_by(6) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x7) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 3)) & 0x7) as i16; - hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 7ul; - logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 3l <: i32) <: u32) 7ul; + hax_lib::fstar!(r#"logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) (mk_u32 7); + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! (mk_i32 3) <: i32) <: u32) (mk_u32 7); assert (v $outcome_1 >= 0 /\ v $outcome_1 <= 7); assert (v $outcome_2 >= 0 /\ v $outcome_2 <= 7); assert (v $chunk_number <= 63); assert (v (sz 4 *! $chunk_number <: usize) <= 252); - assert (v (cast ($outcome_set /! 6l <: i32) <: usize) <= 3)"#); + assert (v (cast ($outcome_set /! (mk_i32 6) <: i32) <: usize) <= 3)"#); let offset = (outcome_set / 6) as usize; sampled_i16s[4 * chunk_number + offset] = outcome_1 - outcome_2; diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 6c496a785..013016b1d 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs 
@@ -275,8 +275,7 @@ pub(super) fn compress_then_serialize_ring_element_u< hax_lib::fstar!( r#"assert ( (v (cast $COMPRESSION_FACTOR <: u32) == 10) \/ - (v (cast $COMPRESSION_FACTOR <: u32) == 11)); - Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"# + (v (cast $COMPRESSION_FACTOR <: u32) == 11))"# ); match COMPRESSION_FACTOR as u32 { 10 => compress_then_serialize_10(re), @@ -361,8 +360,7 @@ pub(super) fn compress_then_serialize_ring_element_v< hax_lib::fstar!( r#"assert ( (v (cast $COMPRESSION_FACTOR <: u32) == 4) \/ - (v (cast $COMPRESSION_FACTOR <: u32) == 5)); - Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"# + (v (cast $COMPRESSION_FACTOR <: u32) == 5))"# ); match COMPRESSION_FACTOR as u32 { 4 => compress_then_serialize_4(re, out), diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index ece8cdabc..4dad825ab 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -9,13 +9,13 @@ slice.len() <= LEN ))] #[cfg_attr(hax, hax_lib::ensures(|result| - fstar!(r#"$result == Seq.append $slice (Seq.create (v $LEN - v (${slice.len()})) 0uy)"#)))] + fstar!(r#"$result == Seq.append $slice (Seq.create (v $LEN - v (${slice.len()})) (mk_u8 0))"#)))] pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { let mut out = [0u8; LEN]; out[0..slice.len()].copy_from_slice(slice); hax_lib::fstar!(r#"assert (Seq.slice out 0 (Seq.length slice) == slice)"#); hax_lib::fstar!( - r#"assert (Seq.slice out (Seq.length slice) (v v_LEN) == Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN))"# + r#"assert (Seq.slice out (Seq.length slice) (v v_LEN) == Seq.slice (Seq.create (v v_LEN) (mk_u8 0)) (Seq.length slice) (v v_LEN))"# ); hax_lib::fstar!( "assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i)" 
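Review bot: The call `Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)` is dropped from the proof hint in both `compress_then_serialize_ring_element_u` and `compress_then_serialize_ring_element_v` while the `assert (... == 10 \/ ... == 11)` (resp. 4/5) is kept, and the hunk does not say why the lemma is no longer needed. The `match COMPRESSION_FACTOR as u32` that follows, whose remaining arms and any fallthrough lie outside the hunk, now depends on the solver relating `cast $COMPRESSION_FACTOR <: u32` to the literal arms without that bridge. If the literal migration to `mk_int`/`sz` presumably makes the lemma redundant, a one-line comment would keep the next reader from re-adding it: `// the assert alone pins COMPRESSION_FACTOR to {10, 11}; mk_int_equiv_lemma is no longer needed after the mk_int literal migration`.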
@@ -24,7 +24,7 @@ pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { r#"assert (forall i. (i >= Seq.length slice && i < v v_LEN) ==> Seq.index out i == Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice))"# ); hax_lib::fstar!( - "Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy))" + "Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) (mk_u8 0)))" ); out } diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 730fe0e6c..5795867df 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -16,7 +16,7 @@ pub struct SIMD256Vector { #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!(r#"repr ${result} == Seq.create 16 0s"#))] +#[hax_lib::ensures(|result| fstar!(r#"repr ${result} == Seq.create 16 (mk_i16 0)"#))] fn vec_zero() -> SIMD256Vector { SIMD256Vector { elements: mm256_setzero_si256(), @@ -45,7 +45,7 @@ fn vec_from_i16_array(array: &[i16]) -> SIMD256Vector { #[inline(always)] #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (repr $vector)"#))] -#[hax_lib::ensures(|out| fstar!(r#"repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (repr $vector)"#))] +#[hax_lib::ensures(|out| fstar!(r#"repr out == Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) (repr $vector)"#))] fn cond_subtract_3329(vector: SIMD256Vector) -> SIMD256Vector { SIMD256Vector { elements: arithmetic::cond_subtract_3329(vector.elements), 
@@ -263,7 +263,7 @@ impl crate::vector::traits::Repr for SIMD256Vector { #[hax_lib::attributes] impl Operations for SIMD256Vector { #[inline(always)] - #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 0s"#))] + #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 (mk_i16 0)"#))] fn ZERO() -> Self { vec_zero() } @@ -326,7 +326,7 @@ impl Operations for SIMD256Vector { } #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"#))] + #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"#))] #[inline(always)] fn shift_right(vector: Self) -> Self { Self { @@ -335,7 +335,7 @@ impl Operations for SIMD256Vector { } #[requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $vector)"#))] - #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"#))] + #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) (impl.f_repr $vector)"#))] #[inline(always)] fn cond_subtract_3329(vector: Self) -> Self { cond_subtract_3329(vector) diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 905c5186b..a7b829584 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs 
@@ -91,7 +91,7 @@ pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 #[inline(always)] #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] -#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> +#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"#))] pub(crate) fn shift_right(vector: Vec256) -> Vec256 { 
@@ -109,33 +109,33 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { #[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"#))] #[hax_lib::ensures(|result| fstar!(r#"forall i. i < 16 ==> get_lane $result i == - (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"#))] + (if (get_lane $vector i) >=. (mk_i16 3329) then get_lane $vector i -! (mk_i16 3329) else get_lane $vector i)"#))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); - hax_lib::fstar!(r#"assert (forall i. get_lane $field_modulus i == 3329s)"#); + hax_lib::fstar!(r#"assert (forall i. get_lane $field_modulus i == (mk_i16 3329))"#); // Compute v_i - Q and crate a mask from the sign bit of each of these // quantities. let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); hax_lib::fstar!( - "assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. 3329s)" + "assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. (mk_i16 3329))" ); let sign_mask = mm256_srai_epi16::<15>(v_minus_field_modulus); hax_lib::fstar!( - "assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! 15l))" + "assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! (mk_i32 15)))" ); // If v_i - Q < 0 then add back Q to (v_i - Q). let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus); hax_lib::fstar!( - r#"assert (forall i. get_lane $conditional_add_field_modulus i == (get_lane $sign_mask i &. 3329s))"# + r#"assert (forall i. get_lane $conditional_add_field_modulus i == (get_lane $sign_mask i &. (mk_i16 3329)))"# ); let result = mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); hax_lib::fstar!( r#"assert (forall i. get_lane $result i == (get_lane $v_minus_field_modulus i +. 
get_lane $conditional_add_field_modulus i)); assert (forall i. get_lane $result i == Spec.Utils.cond_sub (get_lane $vector i)); - assert (forall i. get_lane $result i == (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i))"# + assert (forall i. get_lane $result i == (if (get_lane $vector i) >=. (mk_i16 3329) then get_lane $vector i -! (mk_i16 3329) else get_lane $vector i))"# ); result @@ -154,15 +154,15 @@ const BARRETT_MULTIPLIER: i16 = 20159; pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { let t0 = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); hax_lib::fstar!( - r#"assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) <: i16))"# + r#"assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! (mk_i32 16)) <: i16))"# ); let t512 = mm256_set1_epi16(512); - hax_lib::fstar!(r#"assert (forall i. get_lane $t512 i == 512s)"#); + hax_lib::fstar!(r#"assert (forall i. get_lane $t512 i == (mk_i16 512))"#); let t1 = mm256_add_epi16(t0, t512); - hax_lib::fstar!(r#"assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)"#); + hax_lib::fstar!(r#"assert (forall i. get_lane $t1 i == get_lane $t0 i +. (mk_i16 512))"#); let quotient = mm256_srai_epi16::<10>(t1); hax_lib::fstar!( - "assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))" + "assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! ((mk_i32 10) <: i32)))" ); let quotient_times_field_modulus = mm256_mullo_epi16(quotient, mm256_set1_epi16(FIELD_MODULUS)); hax_lib::fstar!( 
@@ -199,31 +199,31 @@ pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"#); + hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg (mk_i16 3327)))"#); let modulus = mm256_set1_epi16(FIELD_MODULUS); - hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == 3329s)"#); + hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == (mk_i16 3329))"#); let k_times_modulus = mm256_mulhi_epi16(k, modulus); hax_lib::fstar!( r#"assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus)); assert (forall i. get_lane $k_times_modulus i == - (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"# + (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! (mk_i32 16)) <: i16))"# ); let value_high = mm256_mulhi_epi16(vector, vec_constant); hax_lib::fstar!( r#"assert (forall i. get_lane $value_high i == - (cast (((cast (get_lane $vector i) <: i32) *. (cast (get_lane $vec_constant i) <: i32)) >>! 16l) <: i16))"# + (cast (((cast (get_lane $vector i) <: i32) *. (cast (get_lane $vec_constant i) <: i32)) >>! 
(mk_i32 16)) <: i16))"# ); let result = mm256_sub_epi16(value_high, k_times_modulus); hax_lib::fstar!( r#"Spec.Utils.lemma_range_at_percent 3329 (pow2 32); - assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); - assert (v (cast 3329s <: i32) == 3329); - assert ((cast 3329s <: i32) == 3329l); + assert (v (cast (mk_i16 3329) <: i32) == (3329 @% pow2 32)); + assert (v (cast (mk_i16 3329) <: i32) == 3329); + assert ((cast (mk_i16 3329) <: i32) == (mk_i32 3329)); assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vector i) $constant); assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); 
@@ -250,33 +250,33 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"#); + hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg (mk_i16 3327)))"#); let modulus = mm256_set1_epi16(FIELD_MODULUS); - hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == 3329s)"#); + hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == (mk_i16 3329))"#); let k_times_modulus = mm256_mulhi_epi16(k, modulus); hax_lib::fstar!( r#"assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus)); assert (forall i. get_lane $k_times_modulus i == - (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"# + (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! (mk_i32 16)) <: i16))"# ); let value_high = mm256_mulhi_epi16(vec, constants); hax_lib::fstar!( r#"assert (forall i. get_lane $value_high i == - (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 16l) <: i16))"# + (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 
(mk_i32 16)) <: i16))"# ); let result = mm256_sub_epi16(value_high, k_times_modulus); hax_lib::fstar!( r#"Spec.Utils.lemma_range_at_percent 3329 (pow2 32); - assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); - assert (v (cast 3329s <: i32) == 3329); - assert ((cast 3329s <: i32) == 3329l); + assert (v (cast (mk_i16 3329) <: i32) == (3329 @% pow2 32)); + assert (v (cast (mk_i16 3329) <: i32) == 3329); + assert ((cast (mk_i16 3329) <: i32) == (mk_i32 3329)); assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vec i) (get_lane $constants i)); assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); 
@@ -328,34 +328,34 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec mm_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); hax_lib::fstar!( - "assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg 3327s))" + "assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg (mk_i16 3327)))" ); let modulus = mm_set1_epi16(FIELD_MODULUS); - hax_lib::fstar!(r#"assert (forall i. get_lane128 $modulus i == 3329s)"#); + hax_lib::fstar!(r#"assert (forall i. get_lane128 $modulus i == (mk_i16 3329))"#); let k_times_modulus = mm_mulhi_epi16(k, modulus); hax_lib::fstar!( r#"assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k_times_modulus == - Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! (mk_i32 16)) <: i16) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $modulus)); assert (forall i. get_lane128 $k_times_modulus i == - (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! 16l) <: i16))"# + (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! (mk_i32 16)) <: i16))"# ); let value_high = mm_mulhi_epi16(vec, constants); hax_lib::fstar!( r#"assert (forall i. get_lane128 $value_high i == - (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 16l) <: i16))"# + (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 
(mk_i32 16)) <: i16))"# ); let result = mm_sub_epi16(value_high, k_times_modulus); hax_lib::fstar!( r#"Spec.Utils.lemma_range_at_percent 3329 (pow2 32); - assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); - assert (v (cast 3329s <: i32) == 3329); - assert ((cast 3329s <: i32) == 3329l); + assert (v (cast (mk_i16 3329) <: i32) == (3329 @% pow2 32)); + assert (v (cast (mk_i16 3329) <: i32) == 3329); + assert ((cast (mk_i16 3329) <: i32) == (mk_i32 3329)); assert (forall i. get_lane128 $result i == (get_lane128 $value_high i) -. (get_lane128 $k_times_modulus i)); assert (forall i. get_lane128 $result i == Spec.Utils.mont_mul_red_i16 (get_lane128 $vec i) (get_lane128 $constants i)); assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 $result i)); diff --git a/libcrux-ml-kem/src/vector/avx2/compress.rs b/libcrux-ml-kem/src/vector/avx2/compress.rs index 1761915b7..dd8cc6905 100644 --- a/libcrux-ml-kem/src/vector/avx2/compress.rs +++ b/libcrux-ml-kem/src/vector/avx2/compress.rs @@ -39,7 +39,7 @@ pub(crate) fn compress_message_coefficient(vector: Vec256) -> Vec256 { #[inline(always)] #[hax_lib::requires(fstar!(r#"v $COEFFICIENT_BITS >= 0 /\ v $COEFFICIENT_BITS < bits i32_inttype /\ - range (v (1l <( vector: Vec256, ) -> Vec256 { diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index d4451fdad..89512572e 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -67,7 +67,7 @@ let bits_packed' = BitVec.Intrinsics.mm_movemask_epi8_bv msbs in hax_lib::fstar!( r#" -assert (forall (i: nat {i < 8}). get_bit ($bits_packed >>! 8l <: i32) (sz i) == get_bit $bits_packed (sz (i + 8))) +assert (forall (i: nat {i < 8}). get_bit ($bits_packed >>! (mk_i32 8) <: i32) (sz i) == get_bit $bits_packed (sz (i + 8))) "# ); diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index bd582f6bb..164ef7a23 100644 --- a/libcrux-ml-kem/src/vector/neon.rs 
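Review bot: `sz i` and `sz (i + 8)` survive in the rewritten assertion next to the new `(mk_i32 8)`, while the follow-up patch in this series migrates every `sz N` in the extracted F* to `mk_usize N`; if `sz` is being retired by the new core libraries, this inline proof will break at the next extraction. Either migrate it here — `get_bit ($bits_packed >>! (mk_i32 8) <: i32) (mk_usize i) == get_bit $bits_packed (mk_usize (i + 8))` — or confirm that `sz` is kept as an alias, in which case a short comment saying so would pre-empt the question. The enclosing function in serialize.rs starts and ends outside the hunk.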
+++ b/libcrux-ml-kem/src/vector/neon.rs @@ -25,7 +25,7 @@ impl crate::vector::traits::Repr for SIMD128Vector { #[hax_lib::attributes] impl Operations for SIMD128Vector { #[inline(always)] - #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 0s"#))] + #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 (mk_i16 0)"#))] fn ZERO() -> Self { ZERO() } diff --git a/libcrux-ml-kem/src/vector/neon/vector_type.rs b/libcrux-ml-kem/src/vector/neon/vector_type.rs index 8ae2fd018..41003c15a 100644 --- a/libcrux-ml-kem/src/vector/neon/vector_type.rs +++ b/libcrux-ml-kem/src/vector/neon/vector_type.rs @@ -30,7 +30,7 @@ pub(crate) fn from_i16_array(array: &[i16]) -> SIMD128Vector { #[allow(non_snake_case)] #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("repr result == Seq.create 16 0s"))] +#[hax_lib::ensures(|result| fstar!("repr result == Seq.create 16 (mk_i16 0)"))] pub(crate) fn ZERO() -> SIMD128Vector { SIMD128Vector { low: _vdupq_n_s16(0), diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 58ccdf1e0..a2964dbe0 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -109,7 +109,7 @@ fn deserialize_12(a: &[u8]) -> PortableVector { #[hax_lib::fstar::after(r#"#pop-options"#)] #[hax_lib::attributes] impl Operations for PortableVector { - #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 0s"#))] + #[ensures(|out| fstar!(r#"impl.f_repr out == Seq.create 16 (mk_i16 0)"#))] fn ZERO() -> Self { zero() } 
@@ -158,13 +158,13 @@ impl Operations for PortableVector { } #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"#))] + #[ensures(|out| fstar!(r#"(v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"#))] fn shift_right(v: Self) -> Self { shift_right::<{ SHIFT_BY }>(v) } #[requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $v)"#))] - #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"#))] + #[ensures(|out| fstar!(r#"impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) (impl.f_repr $v)"#))] fn cond_subtract_3329(v: Self) -> Self { cond_subtract_3329(v) } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index dabef94f6..3ab1a4323 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -30,8 +30,8 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { "calc (==) { v res; (==) { } - v (logand value ((1ul < PortableVec #[inline(always)] #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] -#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> +#[hax_lib::ensures(|result| fstar!(r#"(v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"#))] pub fn shift_right(mut vec: PortableVector) -> PortableVector { let _vec0 = vec; 
@@ -173,7 +173,7 @@ pub fn shift_right(mut vec: PortableVector) -> PortableVect #[hax_lib::fstar::options("--z3rlimit 300")] #[hax_lib::requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) ${vec}.f_elements"#))] #[hax_lib::ensures(|result| fstar!(r#"${result}.f_elements == Spec.Utils.map_array - (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"#))] + (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) (${vec}.f_elements)"#))] pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector { let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { @@ -182,7 +182,7 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector { r#" (forall j. j < v i ==> Seq.index ${vec}.f_elements j == (let x = Seq.index ${_vec0}.f_elements j in - if x >=. 3329s then x -! 3329s else x)) /\ + if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x)) /\ (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)"# ) }); @@ -192,7 +192,7 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector { } hax_lib::fstar!( r#"Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array - (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)"# + (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) ${_vec0}.f_elements)"# ); vec } diff --git a/libcrux-ml-kem/src/vector/portable/vector_type.rs b/libcrux-ml-kem/src/vector/portable/vector_type.rs index dab81f2ef..5e1e04a00 100644 --- a/libcrux-ml-kem/src/vector/portable/vector_type.rs +++ b/libcrux-ml-kem/src/vector/portable/vector_type.rs @@ -10,7 +10,7 @@ pub struct PortableVector { } #[inline(always)] -#[hax_lib::ensures(|result| fstar!(r#"${result}.f_elements == Seq.create 16 0s"#))] +#[hax_lib::ensures(|result| fstar!(r#"${result}.f_elements == Seq.create 16 (mk_i16 0)"#))] pub fn zero() -> PortableVector { PortableVector { elements: [0i16; FIELD_ELEMENTS_IN_VECTOR], 
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index ce2851f90..e887033ba 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -18,7 +18,7 @@ pub trait Repr: Copy + Clone { pub trait Operations: Copy + Clone + Repr { #[allow(non_snake_case)] #[requires(true)] - #[ensures(|result| fstar!(r#"f_repr $result == Seq.create 16 0s"#))] + #[ensures(|result| fstar!(r#"f_repr $result == Seq.create 16 (mk_i16 0)"#))] fn ZERO() -> Self; #[requires(array.len() == 16)] @@ -57,13 +57,13 @@ pub trait Operations: Copy + Clone + Repr { fn bitwise_and_with_constant(v: Self, c: i16) -> Self; #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|result| fstar!(r#"(v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> f_repr $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (f_repr $v)"#))] + #[ensures(|result| fstar!(r#"(v_SHIFT_BY >=. (mk_i32 0) /\ v_SHIFT_BY <. (mk_i32 16)) ==> f_repr $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (f_repr $v)"#))] fn shift_right(v: Self) -> Self; // fn shift_left(v: Self) -> Self; // Modular operations #[requires(fstar!(r#"Spec.Utils.is_i16b_array (pow2 12 - 1) (f_repr $v)"#))] - #[ensures(|result| fstar!(r#"f_repr $result == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr $v)"#))] + #[ensures(|result| fstar!(r#"f_repr $result == Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) (f_repr $v)"#))] fn cond_subtract_3329(v: Self) -> Self; #[requires(fstar!(r#"Spec.Utils.is_i16b_array 28296 (f_repr $vector)"#))] 
@@ -247,12 +247,12 @@ pub fn to_unsigned_representative(a: T) -> T { #[hax_lib::fstar::options("--z3rlimit 200 --split_queries always")] #[hax_lib::requires(fstar!(r#"forall i. let x = Seq.index (i1._super_12682756204189288427.f_repr ${vec}) i in - (x == 0s \/ x == 1s)"#))] + (x == mk_i16 0 \/ x == mk_i16 1)"#))] #[inline(always)] pub fn decompress_1(vec: T) -> T { let z = T::ZERO(); hax_lib::fstar!( - "assert(forall i. Seq.index (i1._super_12682756204189288427.f_repr ${z}) i == 0s)" + "assert(forall i. Seq.index (i1._super_12682756204189288427.f_repr ${z}) i == mk_i16 0)" ); hax_lib::fstar!( r#"assert(forall i. let x = Seq.index (i1._super_12682756204189288427.f_repr ${vec}) i in @@ -266,10 +266,10 @@ pub fn decompress_1(vec: T) -> T { let s = T::sub(z, &vec); hax_lib::fstar!( - r#"assert(forall i. Seq.index (i1._super_12682756204189288427.f_repr ${s}) i == 0s \/ - Seq.index (i1._super_12682756204189288427.f_repr ${s}) i == -1s)"# + r#"assert(forall i. Seq.index (i1._super_12682756204189288427.f_repr ${s}) i == mk_i16 0 \/ + Seq.index (i1._super_12682756204189288427.f_repr ${s}) i == mk_i16 (-1))"# ); - hax_lib::fstar!(r#"assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"#); + hax_lib::fstar!(r#"assert (i1.f_bitwise_and_with_constant_pre ${s} (mk_i16 1665))"#); let res = T::bitwise_and_with_constant(s, 1665); res } diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst index a740de583..0451136c0 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst @@ -1,5 +1,5 @@ module Libcrux_platform.Platform -#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul 
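Review bot: The new literals in `decompress_1` are written bare (`mk_i16 0`, `mk_i16 (-1)`, `x == mk_i16 0 \/ x == mk_i16 1`) while every other hunk in this patch parenthesises them (`(mk_i16 0)` in the `ZERO` ensures of neon.rs, portable.rs and traits.rs, `(mk_i16 3329)` in `cond_subtract_3329`); both forms parse, since application binds tighter than `==` and `\/`, but one convention keeps the hand-written F* easy to grep and review. Separately, `f_bitwise_and_with_constant_pre ${s} (mk_i16 1665)` repeats the `1665` passed to `T::bitwise_and_with_constant` two lines later; a comment such as `// 1665 must match the constant asserted in the precondition above` would stop the two from drifting apart. The signature of `decompress_1` is in the preceding hunk of this file (@@ -247), and the assertions between the two hunks are not shown.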
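Review bot: `--z3rlimit` for the generated `Libcrux_platform.Platform` module drops from 80 to 15 in this hunk and in the `.fsti` of the next one, while the second patch of the series raises the same option in the `Libcrux_intrinsics.*_extract` modules from 15 to 80, and neither commit message says why. Because these files are hax extraction output, a hand edit of the header will be overwritten at the next extraction unless the budget is set at the source (for instance with `hax_lib::fstar::options`, as `cond_subtract_3329` already does for its own `--z3rlimit 300`). If the Platform module is now meant to be lax-checked, as the "laxes" title suggests, the lowered budget is harmless but that intent should be recorded; otherwise any proof that needed the larger budget will start failing. I would put the reason in the commit message rather than in the generated file.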
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index 95dad6932..e8713dad5 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
 open Core
 open FStar.Mul
From 29b3134029d7bbb88098b539fb00c9c2eca52aa3 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan Date: Sat, 18 Jan 2025 12:32:57 +0100 Subject: [PATCH 02/15] ml-dsa laxes --- .../Libcrux_intrinsics.Arm64_extract.fst | 2 +- .../Libcrux_intrinsics.Arm64_extract.fsti | 2 +- .../Libcrux_intrinsics.Avx2_extract.fst | 2 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fst | 59 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fsti | 6 +- .../Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti | 20 +- .../Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti | 20 +- .../Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti | 20 +- .../extraction/Libcrux_ml_dsa.Constants.fst | 12 +- .../extraction/Libcrux_ml_dsa.Constants.fsti | 40 +- .../Libcrux_ml_dsa.Encoding.Commitment.fst | 10 +- .../Libcrux_ml_dsa.Encoding.Error.fst | 16 +- .../Libcrux_ml_dsa.Encoding.Gamma1.fst | 24 +- .../Libcrux_ml_dsa.Encoding.Signature.fst | 124 +-- .../Libcrux_ml_dsa.Encoding.Signature.fsti | 10 +- .../Libcrux_ml_dsa.Encoding.Signing_key.fst | 12 +- .../extraction/Libcrux_ml_dsa.Encoding.T0.fst | 12 +- .../Libcrux_ml_dsa.Encoding.T0.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Encoding.T1.fst | 12 +- .../Libcrux_ml_dsa.Encoding.T1.fsti | 4 +- ...bcrux_ml_dsa.Encoding.Verification_key.fst | 9 +- .../Libcrux_ml_dsa.Hash_functions.Neon.fst | 28 +- .../Libcrux_ml_dsa.Hash_functions.Neon.fsti | 22 +- ...Libcrux_ml_dsa.Hash_functions.Portable.fst | 32 +- ...ibcrux_ml_dsa.Hash_functions.Portable.fsti | 26 +- ...ibcrux_ml_dsa.Hash_functions.Shake128.fsti | 42 +- ...ibcrux_ml_dsa.Hash_functions.Shake256.fsti | 22 +- .../Libcrux_ml_dsa.Hash_functions.Simd256.fst | 32 +- ...Libcrux_ml_dsa.Hash_functions.Simd256.fsti | 26 +- .../extraction/Libcrux_ml_dsa.Matrix.fst | 22 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti | 33 +- 
.../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst | 76 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti | 24 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst | 102 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti | 43 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst | 102 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti | 43 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst | 102 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti | 43 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst | 76 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti | 24 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti | 33 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst | 76 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti | 24 +- ...generic.Instantiations.Avx2.Ml_dsa_44_.fst | 75 +- ...eneric.Instantiations.Avx2.Ml_dsa_44_.fsti | 64 +- ...generic.Instantiations.Avx2.Ml_dsa_65_.fst | 75 +- ...eneric.Instantiations.Avx2.Ml_dsa_65_.fsti | 64 +- ...generic.Instantiations.Avx2.Ml_dsa_87_.fst | 75 +- ...eneric.Instantiations.Avx2.Ml_dsa_87_.fsti | 64 +- ...generic.Instantiations.Neon.Ml_dsa_44_.fst | 48 +- ...eneric.Instantiations.Neon.Ml_dsa_44_.fsti | 39 +- ...generic.Instantiations.Neon.Ml_dsa_65_.fst | 48 +- ...eneric.Instantiations.Neon.Ml_dsa_65_.fsti | 39 +- ...generic.Instantiations.Neon.Ml_dsa_87_.fst | 48 +- ...eneric.Instantiations.Neon.Ml_dsa_87_.fsti | 39 +- ...ric.Instantiations.Portable.Ml_dsa_44_.fst | 48 +- ...ic.Instantiations.Portable.Ml_dsa_44_.fsti | 39 +- ...ric.Instantiations.Portable.Ml_dsa_65_.fst | 48 +- ...ic.Instantiations.Portable.Ml_dsa_65_.fsti | 39 +- ...ric.Instantiations.Portable.Ml_dsa_87_.fst | 48 +- ...ic.Instantiations.Portable.Ml_dsa_87_.fsti | 39 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst | 525 +++++----- ...crux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti | 42 +- 
...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst | 525 +++++----- ...crux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti | 42 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst | 525 +++++----- ...crux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti | 42 +- ...Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst | 66 +- ...l_dsa_generic.Multiplexing.Ml_dsa_44_.fsti | 30 +- ...Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst | 66 +- ...l_dsa_generic.Multiplexing.Ml_dsa_65_.fsti | 30 +- ...Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst | 66 +- ...l_dsa_generic.Multiplexing.Ml_dsa_87_.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_generic.fst | 17 +- .../Libcrux_ml_dsa.Ml_dsa_generic.fsti | 4 +- .../fstar/extraction/Libcrux_ml_dsa.Ntt.fst | 4 +- .../extraction/Libcrux_ml_dsa.Polynomial.fst | 35 +- .../extraction/Libcrux_ml_dsa.Polynomial.fsti | 4 +- .../extraction/Libcrux_ml_dsa.Pre_hash.fst | 11 +- .../extraction/Libcrux_ml_dsa.Pre_hash.fsti | 25 +- .../extraction/Libcrux_ml_dsa.Sample.fst | 683 ++++++------ .../extraction/Libcrux_ml_dsa.Sample.fsti | 45 +- .../extraction/Libcrux_ml_dsa.Samplex4.fst | 106 +- .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst | 82 +- ...x_ml_dsa.Simd.Avx2.Encoding.Commitment.fst | 104 +- ...ibcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst | 147 ++- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti | 10 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst | 143 ++- ...crux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti | 12 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst | 79 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst | 87 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fst | 615 ++++++----- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti | 80 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fst | 720 +++++++------ .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti | 60 +- ...md.Avx2.Rejection_sample.Less_than_eta.fst | 34 +- ...jection_sample.Less_than_field_modulus.fst | 51 +- ...ection_sample.Less_than_field_modulus.fsti | 3 +- 
...md.Avx2.Rejection_sample.Shuffle_table.fst | 84 +- ...d.Avx2.Rejection_sample.Shuffle_table.fsti | 72 +- .../extraction/Libcrux_ml_dsa.Simd.Avx2.fst | 24 +- ...ibcrux_ml_dsa.Simd.Portable.Arithmetic.fst | 100 +- ...bcrux_ml_dsa.Simd.Portable.Arithmetic.fsti | 2 +- ..._dsa.Simd.Portable.Encoding.Commitment.fst | 34 +- ...ux_ml_dsa.Simd.Portable.Encoding.Error.fst | 101 +- ...x_ml_dsa.Simd.Portable.Encoding.Error.fsti | 8 +- ...x_ml_dsa.Simd.Portable.Encoding.Gamma1.fst | 156 +-- ..._ml_dsa.Simd.Portable.Encoding.Gamma1.fsti | 12 +- ...bcrux_ml_dsa.Simd.Portable.Encoding.T0.fst | 197 ++-- ...crux_ml_dsa.Simd.Portable.Encoding.T0.fsti | 3 +- ...bcrux_ml_dsa.Simd.Portable.Encoding.T1.fst | 84 +- .../Libcrux_ml_dsa.Simd.Portable.Invntt.fst | 954 ++++++++++------- .../Libcrux_ml_dsa.Simd.Portable.Invntt.fsti | 72 +- .../Libcrux_ml_dsa.Simd.Portable.Ntt.fst | 978 +++++++++++------- .../Libcrux_ml_dsa.Simd.Portable.Ntt.fsti | 80 +- .../Libcrux_ml_dsa.Simd.Portable.Sample.fst | 57 +- ...bcrux_ml_dsa.Simd.Portable.Vector_type.fst | 5 +- ...crux_ml_dsa.Simd.Portable.Vector_type.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Portable.fst | 29 +- .../Libcrux_ml_dsa.Simd.Traits.fsti | 22 +- .../fstar/extraction/Libcrux_ml_dsa.Types.fst | 18 +- .../extraction/Libcrux_platform.Platform.fst | 2 +- .../extraction/Libcrux_platform.Platform.fsti | 2 +- 137 files changed, 6332 insertions(+), 5016 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst index 4110ce845..e23020d49 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul 
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
index a03c287ec..d4014e6a8 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
index 03cb96f3e..57c728c2c 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 8d53cea4a..85419345c 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@
 module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst
index 9cbda3450..7f8600ff7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst @@ -20,7 +20,7 @@ let decompose_vector = let high, low:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) dimension (fun temp_0_ temp_1_ -> let high, low:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & @@ -39,9 +39,9 @@ let decompose_vector temp_0_ in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit - ((low.[ sz 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) + ((low.[ mk_usize 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun temp_0_ temp_1_ -> @@ -94,7 +94,7 @@ let decompose_vector j tmp0 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -113,7 +113,7 @@ let decompose_vector j tmp1 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -140,7 +140,7 @@ let power2round_vector = let t, t1:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) t <: usize) @@ -161,7 +161,7 @@ let power2round_vector temp_0_ in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit ((t.[ i ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -209,7 +209,7 @@ let power2round_vector j tmp0 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -228,7 +228,7 @@ let power2round_vector j tmp1 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -255,7 +255,7 @@ let shift_left_then_reduce (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -282,7 +282,7 @@ let shift_left_then_reduce <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -295,11 +295,11 @@ let use_hint i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (re_vector: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let re_vector:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) re_vector <: @@ -325,10 +325,11 @@ let use_hint tmp in let tmp:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit - ((re_vector.[ sz 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit - ) + ((re_vector.[ mk_usize 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units + <: + t_Slice v_SIMDUnit) <: usize) (fun tmp temp_1_ -> 
@@ -359,7 +360,7 @@ let use_hint <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -410,21 +411,21 @@ let make_hint Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (low high: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) = - let true_hints:usize = sz 0 in + let true_hints:usize = mk_usize 0 in let hint_simd:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () in - let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (sz 256)) & + let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) low <: usize) (fun temp_0_ temp_1_ -> - let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (sz 256)) & + let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = temp_0_ @@ -433,11 +434,11 @@ let make_hint true) (hint, hint_simd, true_hints <: - (t_Slice (t_Array i32 (sz 256)) & + (t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) (fun temp_0_ i -> - let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (sz 256)) & + let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = temp_0_ 
@@ -445,7 +446,7 @@ let make_hint let i:usize = i in let hint_simd, true_hints:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (hint_simd.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -501,18 +502,18 @@ let make_hint <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) in - let hint:t_Slice (t_Array i32 (sz 256)) = + let hint:t_Slice (t_Array i32 (mk_usize 256)) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint i (Libcrux_ml_dsa.Polynomial.impl__to_i32_array #v_SIMDUnit hint_simd <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) in hint, hint_simd, true_hints <: - (t_Slice (t_Array i32 (sz 256)) & + (t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) in let hax_temp_output:usize = true_hints in - hint, hax_temp_output <: (t_Slice (t_Array i32 (sz 256)) & usize) + hint, hax_temp_output <: (t_Slice (t_Array i32 (mk_usize 256)) & usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti index 5816dd136..99bcc6a4e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti @@ -44,7 +44,7 @@ val use_hint (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (re_vector: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) : Prims.Pure (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) Prims.l_True 
@@ -62,5 +62,5 @@ val make_hint {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (low high: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) - : Prims.Pure (t_Slice (t_Array i32 (sz 256)) & usize) Prims.l_True (fun _ -> Prims.l_True) + (hint: t_Slice (t_Array i32 (mk_usize 256))) + : Prims.Pure (t_Slice (t_Array i32 (mk_usize 256)) & usize) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti index 105a22c73..dd3b609f2 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti 
@@ -3,25 +3,25 @@ module Libcrux_ml_dsa.Constants.Ml_dsa_44_ open Core open FStar.Mul -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 6 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = mk_usize 6 -let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 3 +let v_BITS_PER_ERROR_COEFFICIENT: usize = mk_usize 3 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 18 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = mk_usize 18 -let v_COLUMNS_IN_A: usize = sz 4 +let v_COLUMNS_IN_A: usize = mk_usize 4 -let v_COMMITMENT_HASH_SIZE: usize = sz 32 +let v_COMMITMENT_HASH_SIZE: usize = mk_usize 32 let v_ETA: Libcrux_ml_dsa.Constants.t_Eta = Libcrux_ml_dsa.Constants.Eta_Two <: Libcrux_ml_dsa.Constants.t_Eta -let v_GAMMA1_EXPONENT: usize = sz 17 +let v_GAMMA1_EXPONENT: usize = mk_usize 17 -let v_MAX_ONES_IN_HINT: usize = sz 80 +let v_MAX_ONES_IN_HINT: usize = mk_usize 80 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 39 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = mk_usize 39 -let v_ROWS_IN_A: usize = sz 4 +let v_ROWS_IN_A: usize = mk_usize 4 -let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 88l +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 88 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti index ac228b809..6d73f9e0b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti 
@@ -3,25 +3,25 @@ module Libcrux_ml_dsa.Constants.Ml_dsa_65_ open Core open FStar.Mul -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 4 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = mk_usize 4 -let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 4 +let v_BITS_PER_ERROR_COEFFICIENT: usize = mk_usize 4 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 20 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = mk_usize 20 -let v_COLUMNS_IN_A: usize = sz 5 +let v_COLUMNS_IN_A: usize = mk_usize 5 -let v_COMMITMENT_HASH_SIZE: usize = sz 48 +let v_COMMITMENT_HASH_SIZE: usize = mk_usize 48 let v_ETA: Libcrux_ml_dsa.Constants.t_Eta = Libcrux_ml_dsa.Constants.Eta_Four <: Libcrux_ml_dsa.Constants.t_Eta -let v_GAMMA1_EXPONENT: usize = sz 19 +let v_GAMMA1_EXPONENT: usize = mk_usize 19 -let v_MAX_ONES_IN_HINT: usize = sz 55 +let v_MAX_ONES_IN_HINT: usize = mk_usize 55 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 49 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = mk_usize 49 -let v_ROWS_IN_A: usize = sz 6 +let v_ROWS_IN_A: usize = mk_usize 6 -let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 32l +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 32 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti index 30097ecf0..1a2a4e1ae 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti 
@@ -3,25 +3,25 @@ module Libcrux_ml_dsa.Constants.Ml_dsa_87_ open Core open FStar.Mul -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 4 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = mk_usize 4 -let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 3 +let v_BITS_PER_ERROR_COEFFICIENT: usize = mk_usize 3 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 20 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = mk_usize 20 -let v_COLUMNS_IN_A: usize = sz 7 +let v_COLUMNS_IN_A: usize = mk_usize 7 -let v_COMMITMENT_HASH_SIZE: usize = sz 64 +let v_COMMITMENT_HASH_SIZE: usize = mk_usize 64 let v_ETA: Libcrux_ml_dsa.Constants.t_Eta = Libcrux_ml_dsa.Constants.Eta_Two <: Libcrux_ml_dsa.Constants.t_Eta -let v_GAMMA1_EXPONENT: usize = sz 19 +let v_GAMMA1_EXPONENT: usize = mk_usize 19 -let v_MAX_ONES_IN_HINT: usize = sz 75 +let v_MAX_ONES_IN_HINT: usize = mk_usize 75 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 60 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = mk_usize 60 -let v_ROWS_IN_A: usize = sz 8 +let v_ROWS_IN_A: usize = mk_usize 8 -let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 32l +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 32 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst index 34e40aa6e..3b8a4cd0f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst 
@@ -11,22 +11,22 @@ let t_Eta_cast_to_repr (x: t_Eta) = let beta (ones_in_verifier_challenge: usize) (eta: t_Eta) = let (eta_val: usize):usize = match eta <: t_Eta with - | Eta_Two -> sz 2 - | Eta_Four -> sz 4 + | Eta_Two -> mk_usize 2 + | Eta_Four -> mk_usize 4 in cast (ones_in_verifier_challenge *! eta_val <: usize) <: i32 let commitment_ring_element_size (bits_per_commitment_coefficient: usize) = - (bits_per_commitment_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (bits_per_commitment_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let commitment_vector_size (bits_per_commitment_coefficient rows_in_a: usize) = (commitment_ring_element_size bits_per_commitment_coefficient <: usize) *! rows_in_a let error_ring_element_size (bits_per_error_coefficient: usize) = - (bits_per_error_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (bits_per_error_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let gamma1_ring_element_size (bits_per_gamma1_coefficient: usize) = - (bits_per_gamma1_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (bits_per_gamma1_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let signature_size (rows_in_a columns_in_a max_ones_in_hint commitment_hash_size bits_per_gamma1_coefficient: @@ -56,7 +56,7 @@ let verification_key_size (rows_in_a: usize) = (v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH -! v_BITS_IN_LOWER_PART_OF_T <: usize) <: usize) /! - sz 8 + mk_usize 8 <: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti index 97e8a82d8..e3237a72f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti 
@@ -3,60 +3,60 @@ module Libcrux_ml_dsa.Constants open Core open FStar.Mul -let discriminant_Eta_Four: isize = isz 4 +let discriminant_Eta_Four: isize = mk_isize 4 /// Eta values type t_Eta = | Eta_Two : t_Eta | Eta_Four : t_Eta -let discriminant_Eta_Two: isize = isz 2 +let discriminant_Eta_Two: isize = mk_isize 2 val t_Eta_cast_to_repr (x: t_Eta) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) -let v_BITS_IN_LOWER_PART_OF_T: usize = sz 13 +let v_BITS_IN_LOWER_PART_OF_T: usize = mk_usize 13 -let v_BYTES_FOR_VERIFICATION_KEY_HASH: usize = sz 64 +let v_BYTES_FOR_VERIFICATION_KEY_HASH: usize = mk_usize 64 -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = mk_usize 256 /// The length of `context` is serialized to a single `u8`. -let v_CONTEXT_MAX_LEN: usize = sz 255 +let v_CONTEXT_MAX_LEN: usize = mk_usize 255 -let v_FIELD_MODULUS: i32 = 8380417l +let v_FIELD_MODULUS: i32 = mk_i32 8380417 -let v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = sz 23 +let v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = mk_usize 23 let v_BITS_IN_UPPER_PART_OF_T: usize = v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH -! v_BITS_IN_LOWER_PART_OF_T -let v_GAMMA2_V261_888_: i32 = 261888l +let v_GAMMA2_V261_888_: i32 = mk_i32 261888 -let v_GAMMA2_V95_232_: i32 = 95232l +let v_GAMMA2_V95_232_: i32 = mk_i32 95232 /// Number of bytes of entropy required for key generation. -let v_KEY_GENERATION_RANDOMNESS_SIZE: usize = sz 32 +let v_KEY_GENERATION_RANDOMNESS_SIZE: usize = mk_usize 32 -let v_MASK_SEED_SIZE: usize = sz 64 +let v_MASK_SEED_SIZE: usize = mk_usize 64 -let v_MESSAGE_REPRESENTATIVE_SIZE: usize = sz 64 +let v_MESSAGE_REPRESENTATIVE_SIZE: usize = mk_usize 64 -let v_REJECTION_SAMPLE_BOUND_SIGN: usize = sz 814 +let v_REJECTION_SAMPLE_BOUND_SIGN: usize = mk_usize 814 let v_RING_ELEMENT_OF_T0S_SIZE: usize = - (v_BITS_IN_LOWER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (v_BITS_IN_LOWER_PART_OF_T *! 
v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let v_RING_ELEMENT_OF_T1S_SIZE: usize = - (v_BITS_IN_UPPER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (v_BITS_IN_UPPER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 -let v_SEED_FOR_A_SIZE: usize = sz 32 +let v_SEED_FOR_A_SIZE: usize = mk_usize 32 -let v_SEED_FOR_ERROR_VECTORS_SIZE: usize = sz 64 +let v_SEED_FOR_ERROR_VECTORS_SIZE: usize = mk_usize 64 -let v_SEED_FOR_SIGNING_SIZE: usize = sz 32 +let v_SEED_FOR_SIGNING_SIZE: usize = mk_usize 32 /// Number of bytes of entropy required for signing. -let v_SIGNING_RANDOMNESS_SIZE: usize = sz 32 +let v_SIGNING_RANDOMNESS_SIZE: usize = mk_usize 32 val beta (ones_in_verifier_challenge: usize) (eta: t_Eta) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst index a459d9535..c803ab1ba 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst @@ -18,7 +18,7 @@ let serialize (serialized: t_Slice u8) = let output_bytes_per_simd_unit:usize = - (Core.Slice.impl__len #u8 serialized <: usize) /! (sz 8 *! sz 4 <: usize) + (Core.Slice.impl__len #u8 serialized <: usize) /! (mk_usize 8 *! mk_usize 4 <: usize) in let serialized:t_Slice u8 = Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units @@ -35,7 +35,9 @@ let serialize Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize) 
@@ -46,7 +48,7 @@ let serialize Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize ] @@ -68,7 +70,7 @@ let serialize_vector (vector: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (serialized: t_Slice u8) = - let (offset: usize):usize = sz 0 in + let (offset: usize):usize = mk_usize 0 in let offset, serialized:(usize & t_Slice u8) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst index b1c4bdc78..b71132fa7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst @@ -11,8 +11,8 @@ let _ = let chunk_size (eta: Libcrux_ml_dsa.Constants.t_Eta) = match eta <: Libcrux_ml_dsa.Constants.t_Eta with - | Libcrux_ml_dsa.Constants.Eta_Two -> sz 3 - | Libcrux_ml_dsa.Constants.Eta_Four -> sz 4 + | Libcrux_ml_dsa.Constants.Eta_Two -> mk_usize 3 + | Libcrux_ml_dsa.Constants.Eta_Four -> mk_usize 4 let deserialize (#v_SIMDUnit: Type0) @@ -25,7 +25,7 @@ let deserialize = let chunk_size:usize = chunk_size eta in let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -50,7 +50,7 @@ let deserialize eta (serialized.[ { Core.Ops.Range.f_start = i *! chunk_size <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! chunk_size <: usize + Core.Ops.Range.f_end = (i +! mk_usize 1 <: usize) *! chunk_size <: usize } <: Core.Ops.Range.t_Range usize ] @@ -60,7 +60,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -143,7 +143,9 @@ let serialize Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize) @@ -155,7 +157,7 @@ let serialize Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst index fa942586c..bf6015981 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst @@ -19,7 +19,7 @@ let deserialize (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -42,10 +42,14 @@ let deserialize (Libcrux_ml_dsa.Simd.Traits.f_gamma1_deserialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve (serialized.[ { - Core.Ops.Range.f_start = i *! (gamma1_exponent +! sz 1 <: usize) <: usize; + Core.Ops.Range.f_start + = + i *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (gamma1_exponent +! sz 1 <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (gamma1_exponent +! mk_usize 1 <: usize) + <: + usize } <: Core.Ops.Range.t_Range usize ] @@ -56,7 +60,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -87,10 +91,10 @@ let serialize let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = i *! (gamma1_exponent +! sz 1 <: usize) <: usize; + Core.Ops.Range.f_start = i *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (gamma1_exponent +! sz 1 <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize } <: Core.Ops.Range.t_Range usize) @@ -98,10 +102,14 @@ let serialize #FStar.Tactics.Typeclasses.solve simd_unit (serialized.[ { - Core.Ops.Range.f_start = i *! (gamma1_exponent +! sz 1 <: usize) <: usize; + Core.Ops.Range.f_start + = + i *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (gamma1_exponent +! sz 1 <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (gamma1_exponent +! mk_usize 1 <: usize) + <: + usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst index 5eb1c72d7..c631695f4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst @@ -9,17 +9,17 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let set_hint (out_hint: t_Slice (t_Array i32 (sz 256))) (i j: usize) = - let out_hint:t_Slice (t_Array i32 (sz 256)) = +let set_hint (out_hint: t_Slice (t_Array i32 (mk_usize 256))) (i j: usize) = + let out_hint:t_Slice (t_Array i32 (mk_usize 256)) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out_hint i (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (out_hint.[ i ] <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) j - 1l + (mk_i32 1) <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) in out_hint @@ -32,7 +32,7 @@ let deserialize usize) (serialized out_commitment_hash: t_Slice u8) (out_signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (out_hint: t_Slice (t_Array i32 (sz 256))) + (out_hint: t_Slice (t_Array i32 (mk_usize 256))) = let _:Prims.unit = if true @@ -47,12 +47,12 @@ let deserialize in let out_commitment_hash:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out_commitment_hash - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = commitment_hash_size } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = commitment_hash_size } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out_commitment_hash.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = commitment_hash_size } <: @@ -69,7 +69,7 @@ let deserialize (gamma1_ring_element_size *! columns_in_a <: usize) in let out_signer_response:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun out_signer_response temp_1_ -> let out_signer_response:t_Slice 
@@ -93,7 +93,7 @@ let deserialize Core.Ops.Range.f_start = i *! gamma1_ring_element_size <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! gamma1_ring_element_size <: usize + (i +! mk_usize 1 <: usize) *! gamma1_ring_element_size <: usize } <: Core.Ops.Range.t_Range usize ] @@ -107,19 +107,19 @@ let deserialize <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let previous_true_hints_seen:usize = sz 0 in + let previous_true_hints_seen:usize = mk_usize 0 in match - Rust_primitives.Hax.Folds.fold_range_return (sz 0) + Rust_primitives.Hax.Folds.fold_range_return (mk_usize 0) rows_in_a (fun temp_0_ temp_1_ -> - let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (sz 256)) & usize) = + let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (mk_usize 256)) & usize) = temp_0_ in let _:usize = temp_1_ in true) - (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (sz 256)) & usize)) + (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (mk_usize 256)) & usize)) (fun temp_0_ i -> - let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (sz 256)) & usize) = + let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (mk_usize 256)) & usize) = temp_0_ in let i:usize = i in 
@@ -143,39 +143,39 @@ let deserialize Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError)) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) - (t_Slice (t_Array i32 (sz 256)) & usize) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) + (t_Slice (t_Array i32 (mk_usize 256)) & usize) else match Rust_primitives.Hax.Folds.fold_range_return previous_true_hints_seen current_true_hints_seen (fun out_hint temp_1_ -> - let out_hint:t_Slice (t_Array i32 (sz 256)) = out_hint in + let out_hint:t_Slice (t_Array i32 (mk_usize 256)) = out_hint in let _:usize = temp_1_ in true) out_hint (fun out_hint j -> - let out_hint:t_Slice (t_Array i32 (sz 256)) = out_hint in + let out_hint:t_Slice (t_Array i32 (mk_usize 256)) = out_hint in let j:usize = j in if (j >. previous_true_hints_seen <: bool) && ((hint_serialized.[ j ] <: u8) <=. - (hint_serialized.[ j -! sz 1 <: usize ] <: u8) + (hint_serialized.[ j -! mk_usize 1 <: usize ] <: u8) <: bool) then 
@@ -194,47 +194,47 @@ let deserialize <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError )) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError - ) (Prims.unit & t_Slice (t_Array i32 (sz 256)))) + ) (Prims.unit & t_Slice (t_Array i32 (mk_usize 256)))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & t_Slice (t_Array i32 (sz 256)))) - (t_Slice (t_Array i32 (sz 256))) + (Prims.unit & t_Slice (t_Array i32 (mk_usize 256)))) + (t_Slice (t_Array i32 (mk_usize 256))) else Core.Ops.Control_flow.ControlFlow_Continue (set_hint out_hint i (cast (hint_serialized.[ j ] <: u8) <: usize) <: - t_Slice (t_Array i32 (sz 256))) + t_Slice (t_Array i32 (mk_usize 256))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & t_Slice (t_Array i32 (sz 256)))) - (t_Slice (t_Array i32 (sz 256)))) + (Prims.unit & t_Slice (t_Array i32 (mk_usize 256)))) + (t_Slice (t_Array i32 (mk_usize 256)))) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 
256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (t_Slice (t_Array i32 (sz 256))) + (t_Slice (t_Array i32 (mk_usize 256))) with | Core.Ops.Control_flow.ControlFlow_Break ret -> Core.Ops.Control_flow.ControlFlow_Break 
@@ -243,37 +243,37 @@ let deserialize Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) - (t_Slice (t_Array i32 (sz 256)) & usize) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) + (t_Slice (t_Array i32 (mk_usize 256)) & usize) | Core.Ops.Control_flow.ControlFlow_Continue out_hint -> let previous_true_hints_seen:usize = current_true_hints_seen in Core.Ops.Control_flow.ControlFlow_Continue - (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (sz 256)) & usize)) + (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (mk_usize 256)) & usize)) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) - (t_Slice (t_Array i32 (sz 256)) & usize)) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) + (t_Slice (t_Array i32 (mk_usize 256)) & usize)) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + 
t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (t_Slice (t_Array i32 (sz 256)) & usize) + (t_Slice (t_Array i32 (mk_usize 256)) & usize) with | Core.Ops.Control_flow.ControlFlow_Break ret -> ret | Core.Ops.Control_flow.ControlFlow_Continue (out_hint, previous_true_hints_seen) -> @@ -288,7 +288,7 @@ let deserialize (fun temp_0_ j -> let _:Prims.unit = temp_0_ in let j:usize = j in - if (hint_serialized.[ j ] <: u8) <>. 0uy <: bool + if (hint_serialized.[ j ] <: u8) <>. mk_u8 0 <: bool then Core.Ops.Control_flow.ControlFlow_Break (Core.Ops.Control_flow.ControlFlow_Break @@ -304,13 +304,13 @@ let deserialize <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError)) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) (Prims.unit & Prims.unit)) <: @@ -318,7 +318,7 @@ let deserialize (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) (Prims.unit & Prims.unit)) Prims.unit else 
@@ -328,13 +328,13 @@ let deserialize (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) (Prims.unit & Prims.unit)) Prims.unit) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.unit with | Core.Ops.Control_flow.ControlFlow_Break ret -> ret @@ -347,7 +347,7 @@ let deserialize out_commitment_hash, out_signer_response, out_hint, hax_temp_output <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) let serialize @@ -357,12 +357,12 @@ let serialize Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (commitment_hash: t_Slice u8) (signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (commitment_hash_size columns_in_a rows_in_a gamma1_exponent gamma1_ring_element_size max_ones_in_hint: usize) (signature: t_Slice u8) = - let offset:usize = sz 0 in + let offset:usize = mk_usize 0 in let signature:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range signature ({ @@ -386,7 +386,7 @@ let serialize in let offset:usize = offset +! commitment_hash_size in let offset, signature:(usize & t_Slice u8) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun temp_0_ temp_1_ -> let offset, signature:(usize & t_Slice u8) = temp_0_ in 
@@ -423,9 +423,9 @@ let serialize let offset:usize = offset +! gamma1_ring_element_size in offset, signature <: (usize & t_Slice u8)) in - let true_hints_seen:usize = sz 0 in + let true_hints_seen:usize = mk_usize 0 in let signature, true_hints_seen:(t_Slice u8 & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun temp_0_ temp_1_ -> let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in @@ -436,7 +436,7 @@ let serialize let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in let i:usize = i in let signature, true_hints_seen:(t_Slice u8 & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (hint.[ i ] <: t_Slice i32) <: usize) (fun temp_0_ temp_1_ -> let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in @@ -446,14 +446,14 @@ let serialize (fun temp_0_ j -> let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in let j:usize = j in - if ((hint.[ i ] <: t_Array i32 (sz 256)).[ j ] <: i32) =. 1l <: bool + if ((hint.[ i ] <: t_Array i32 (mk_usize 256)).[ j ] <: i32) =. mk_i32 1 <: bool then let signature:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize signature (offset +! true_hints_seen <: usize) (cast (j <: usize) <: u8) in - let true_hints_seen:usize = true_hints_seen +! sz 1 in + let true_hints_seen:usize = true_hints_seen +! mk_usize 1 in signature, true_hints_seen <: (t_Slice u8 & usize) else signature, true_hints_seen <: (t_Slice u8 & usize)) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti index 1e799b36e..fff114689 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti 
@@ -9,8 +9,8 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -val set_hint (out_hint: t_Slice (t_Array i32 (sz 256))) (i j: usize) - : Prims.Pure (t_Slice (t_Array i32 (sz 256))) Prims.l_True (fun _ -> Prims.l_True) +val set_hint (out_hint: t_Slice (t_Array i32 (mk_usize 256))) (i j: usize) + : Prims.Pure (t_Slice (t_Array i32 (mk_usize 256))) Prims.l_True (fun _ -> Prims.l_True) val deserialize (#v_SIMDUnit: Type0) @@ -19,10 +19,10 @@ val deserialize usize) (serialized out_commitment_hash: t_Slice u8) (out_signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (out_hint: t_Slice (t_Array i32 (sz 256))) + (out_hint: t_Slice (t_Array i32 (mk_usize 256))) : Prims.Pure (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -32,7 +32,7 @@ val serialize {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (commitment_hash: t_Slice u8) (signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (commitment_hash_size columns_in_a rows_in_a gamma1_exponent gamma1_ring_element_size max_ones_in_hint: usize) (signature: t_Slice u8) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst index d218cb62f..88abf1395 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst 
@@ -24,7 +24,7 @@ let generate_serialized (s1_2_ t0: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (signing_key_serialized: t_Slice u8) = - let offset:usize = sz 0 in + let offset:usize = mk_usize 0 in let signing_key_serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range signing_key_serialized ({ @@ -71,11 +71,13 @@ let generate_serialized t_Slice u8) in let offset:usize = offset +! Libcrux_ml_dsa.Constants.v_SEED_FOR_SIGNING_SIZE in - let verification_key_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let verification_key_hash:t_Array u8 (sz 64) = + let verification_key_hash:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let verification_key_hash:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (sz 64) + (mk_usize 64) verification_key verification_key_hash in @@ -106,7 +108,7 @@ let generate_serialized in let offset:usize = offset +! Libcrux_ml_dsa.Constants.v_BYTES_FOR_VERIFICATION_KEY_HASH in let offset, signing_key_serialized:(usize & t_Slice u8) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_2_ <: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst index 4b0b93667..a33c46993 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst 
@@ -18,7 +18,7 @@ let deserialize (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -44,7 +44,7 @@ let deserialize Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] @@ -54,7 +54,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -132,7 +132,9 @@ let serialize Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize) @@ -143,7 +145,7 @@ let serialize Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti index 3e1291df0..011d49bd9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti 
@@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let v_OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 13 +let v_OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 13 val deserialize (#v_SIMDUnit: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst index 1b47121ee..b939e6686 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst @@ -18,7 +18,7 @@ let deserialize (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -42,7 +42,9 @@ let deserialize #FStar.Tactics.Typeclasses.solve (serialized.[ { Core.Ops.Range.f_start = i *! deserialize__WINDOW <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! deserialize__WINDOW <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! deserialize__WINDOW <: usize } <: Core.Ops.Range.t_Range usize ] @@ -52,7 +54,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -84,7 +86,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize) 
@@ -95,7 +97,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti index 26d77dadf..ca1104e5f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti @@ -9,9 +9,9 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let deserialize__WINDOW: usize = sz 10 +let deserialize__WINDOW: usize = mk_usize 10 -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 10 +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 10 val deserialize (#v_SIMDUnit: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst index dc840bd86..65123f347 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst @@ -30,7 +30,7 @@ let deserialize () in let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun t1 temp_1_ -> let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = t1 in 
@@ -49,7 +49,8 @@ let deserialize i *! Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE + (i +! mk_usize 1 <: usize) *! + Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE <: usize } @@ -77,14 +78,14 @@ let generate_serialized let verification_key_serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range verification_key_serialized ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (verification_key_serialized.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE } <: diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst index 7d78d62f2..5af31b204 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst 
@@ -67,22 +67,22 @@ assume val squeeze_first_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_x4 = squeeze_first_block_x4' assume val squeeze_first_five_blocks': state: t_Shake128x4 -> - out0: t_Array u8 (sz 840) -> - out1: t_Array u8 (sz 840) -> - out2: t_Array u8 (sz 840) -> - out3: t_Array u8 (sz 840) + out0: t_Array u8 (mk_usize 840) -> + out1: t_Array u8 (mk_usize 840) -> + out2: t_Array u8 (mk_usize 840) -> + out3: t_Array u8 (mk_usize 840) -> Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_five_blocks = squeeze_first_five_blocks' @@ -90,9 +90,8 @@ assume val squeeze_next_block': state: t_Shake128x4 -> Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block = squeeze_next_block' 
@@ -100,8 +99,7 @@ assume val squeeze_next_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_x4 = squeeze_next_block_x4' diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti index d27a20455..5f73e824b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti 
@@ -33,25 +33,23 @@ val shake256_x4 val squeeze_first_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) -val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (sz 840)) +val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (mk_usize 840)) : Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block (state: t_Shake128x4) : Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst index 4d34ec255..55ea21844 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst @@ -98,7 +98,7 @@ let shake256 (v_OUTPUT_LENGTH: usize) = shake256' v_OUTPUT_LENGTH assume val squeeze_first_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_shake256 = squeeze_first_block_shake256' @@ -106,22 +106,22 @@ assume val squeeze_first_block_x4': state: t_Shake256X4 -> Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_x4 = squeeze_first_block_x4' assume val squeeze_first_five_blocks': state: t_Shake128X4 -> - out0: t_Array u8 (sz 840) -> - out1: t_Array u8 (sz 840) -> - out2: t_Array u8 (sz 840) -> - out3: t_Array u8 (sz 840) + out0: t_Array u8 (mk_usize 840) -> + out1: t_Array u8 (mk_usize 840) -> + out2: t_Array u8 (mk_usize 840) -> + out3: t_Array u8 (mk_usize 840) -> Prims.Pure - (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128X4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_five_blocks = squeeze_first_five_blocks' 
@@ -129,15 +129,14 @@ assume val squeeze_next_block': state: t_Shake128X4 -> Prims.Pure (t_Shake128X4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block = squeeze_next_block' assume val squeeze_next_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_shake256 = squeeze_next_block_shake256' @@ -145,8 +144,7 @@ assume val squeeze_next_block_x4': state: t_Shake256X4 -> Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_x4 = squeeze_next_block_x4' diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti index 3fc96890c..a7c689a81 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti 
@@ -49,33 +49,31 @@ val shake256 (v_OUTPUT_LENGTH: usize) (input: t_Slice u8) (out: t_Array u8 v_OUT : Prims.Pure (t_Array u8 v_OUTPUT_LENGTH) Prims.l_True (fun _ -> Prims.l_True) val squeeze_first_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_first_block_x4 (state: t_Shake256X4) : Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) -val squeeze_first_five_blocks (state: t_Shake128X4) (out0 out1 out2 out3: t_Array u8 (sz 840)) +val squeeze_first_five_blocks (state: t_Shake128X4) (out0 out1 out2 out3: t_Array u8 (mk_usize 840)) : Prims.Pure - (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128X4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block (state: t_Shake128X4) : Prims.Pure (t_Shake128X4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_x4 (state: t_Shake256X4) : Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & 
t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti index 67503f772..ddc94bb4f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti 
@@ -21,45 +21,47 @@ class t_XofX4 (v_Self: Type0) = { (fun result -> f_init_absorb_post x0 x1 x2 x3 result); f_squeeze_first_five_blocks_pre: v_Self -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> Type0; f_squeeze_first_five_blocks_post: v_Self -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - (v_Self & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + (v_Self & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) -> Type0; f_squeeze_first_five_blocks: x0: v_Self -> - x1: t_Array u8 (sz 840) -> - x2: t_Array u8 (sz 840) -> - x3: t_Array u8 (sz 840) -> - x4: t_Array u8 (sz 840) + x1: t_Array u8 (mk_usize 840) -> + x2: t_Array u8 (mk_usize 840) -> + x3: t_Array u8 (mk_usize 840) -> + x4: t_Array u8 (mk_usize 840) -> Prims.Pure - (v_Self & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) + (v_Self & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) (f_squeeze_first_five_blocks_pre x0 x1 x2 x3 x4) (fun result -> f_squeeze_first_five_blocks_post x0 x1 x2 x3 x4 result); f_squeeze_next_block_pre:v_Self -> Type0; f_squeeze_next_block_post: v_Self -> (v_Self & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) -> Type0; f_squeeze_next_block:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + 
(t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) (f_squeeze_next_block_pre x0) (fun result -> f_squeeze_next_block_post x0 result) } -let v_BLOCK_SIZE: usize = sz 168 +let v_BLOCK_SIZE: usize = mk_usize 168 -let v_FIVE_BLOCKS_SIZE: usize = v_BLOCK_SIZE *! sz 5 +let v_FIVE_BLOCKS_SIZE: usize = v_BLOCK_SIZE *! mk_usize 5 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti index de5a31b65..eaa9ee4a5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti @@ -25,15 +25,15 @@ class t_DsaXof (v_Self: Type0) = { (f_init_absorb_final_pre x0) (fun result -> f_init_absorb_final_post x0 result); f_squeeze_first_block_pre:v_Self -> Type0; - f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (sz 136)) -> Type0; + f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (mk_usize 136)) -> Type0; f_squeeze_first_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (sz 136)) + -> Prims.Pure (v_Self & t_Array u8 (mk_usize 136)) (f_squeeze_first_block_pre x0) (fun result -> f_squeeze_first_block_post x0 result); f_squeeze_next_block_pre:v_Self -> Type0; - f_squeeze_next_block_post:v_Self -> (v_Self & t_Array u8 (sz 136)) -> Type0; + f_squeeze_next_block_post:v_Self -> (v_Self & t_Array u8 (mk_usize 136)) -> Type0; f_squeeze_next_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (sz 136)) + -> Prims.Pure (v_Self & t_Array u8 (mk_usize 136)) (f_squeeze_next_block_pre x0) (fun result -> f_squeeze_next_block_post x0 result) } 
@@ -70,24 +70,28 @@ class t_XofX4 (v_Self: Type0) = { f_squeeze_first_block_x4_post: v_Self -> (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) -> Type0; f_squeeze_first_block_x4:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) (f_squeeze_first_block_x4_pre x0) (fun result -> f_squeeze_first_block_x4_post x0 result); f_squeeze_next_block_x4_pre:v_Self -> Type0; f_squeeze_next_block_x4_post: v_Self -> (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) -> Type0; f_squeeze_next_block_x4:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) (f_squeeze_next_block_x4_pre x0) (fun result -> f_squeeze_next_block_x4_post x0 result); f_shake256_x4_pre: @@ -129,4 +133,4 @@ class t_XofX4 (v_Self: Type0) = { (fun result -> f_shake256_x4_post v_OUT_LEN x0 x1 x2 x3 x4 x5 x6 x7 result) } -let v_BLOCK_SIZE: usize = sz 136 +let v_BLOCK_SIZE: usize = mk_usize 136 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst index fe67aa9fc..9399c392c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst 
@@ -88,7 +88,7 @@ let shake256_x4 (v_OUT_LEN: usize) = shake256_x4' v_OUT_LEN assume val squeeze_first_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_shake256 = squeeze_first_block_shake256' @@ -96,22 +96,22 @@ assume val squeeze_first_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_x4 = squeeze_first_block_x4' assume val squeeze_first_five_blocks': state: t_Shake128x4 -> - out0: t_Array u8 (sz 840) -> - out1: t_Array u8 (sz 840) -> - out2: t_Array u8 (sz 840) -> - out3: t_Array u8 (sz 840) + out0: t_Array u8 (mk_usize 840) -> + out1: t_Array u8 (mk_usize 840) -> + out2: t_Array u8 (mk_usize 840) -> + out3: t_Array u8 (mk_usize 840) -> Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_five_blocks = squeeze_first_five_blocks' 
@@ -119,15 +119,14 @@ assume val squeeze_next_block': state: t_Shake128x4 -> Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block = squeeze_next_block' assume val squeeze_next_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_shake256 = squeeze_next_block_shake256' @@ -135,8 +134,7 @@ assume val squeeze_next_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_x4 = squeeze_next_block_x4' diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti index 109c7ccf9..dd57bb76f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti 
@@ -46,33 +46,31 @@ val shake256_x4 (fun _ -> Prims.l_True) val squeeze_first_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_first_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) -val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (sz 840)) +val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (mk_usize 840)) : Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block (state: t_Shake128x4) : Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 
(mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst index 78a4705b7..367d71d6d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst @@ -18,7 +18,7 @@ let vector_times_ring_element (ring_element: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let vector:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) vector <: usize) @@ -64,7 +64,7 @@ let add_vectors (lhs rhs: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) dimension (fun lhs temp_1_ -> let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = lhs in @@ -96,7 +96,7 @@ let compute_as1_plus_s2 t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = @@ -110,7 +110,7 @@ let compute_as1_plus_s2 result in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = 
@@ -148,7 +148,7 @@ let compute_as1_plus_s2 t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) result <: usize) @@ -196,7 +196,7 @@ let compute_matrix_x_mask (matrix mask result: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = @@ -211,7 +211,7 @@ let compute_matrix_x_mask in let i:usize = i in let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -275,7 +275,7 @@ let compute_w_approx (t1: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun t1 temp_1_ -> let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = t1 in 
@@ -289,7 +289,7 @@ let compute_w_approx Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () in let inner_result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun inner_result temp_1_ -> let inner_result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = @@ -322,7 +322,7 @@ let compute_w_approx Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t1 i (Libcrux_ml_dsa.Arithmetic.shift_left_then_reduce #v_SIMDUnit - 13l + (mk_i32 13) (t1.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -373,7 +373,7 @@ let subtract_vectors (lhs rhs: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) dimension (fun lhs temp_1_ -> let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = lhs in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst index 1f4e74abc..42decb1f9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) 
signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti index d8a0fad7d..1f550c044 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst index af30cc781..400aa002f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) 
signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti index 9a4380d2b..51cd2468f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst index 13a796716..c0a8803a1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 
2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.verify_pre_hashed_shake128 
(Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti index 80d949c43..e0d78ea95 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst index 3506b3983..62747c5fb 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst 
@@ -3,93 +3,101 @@ module Libcrux_ml_dsa.Ml_dsa_44_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref (sz + 
Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref ( - sz 1312) + mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref 
(mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti index eb77b98a4..92b8340b9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti 
@@ -7,8 +7,8 @@ open FStar.Mul /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA44KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -19,11 +19,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// may also be empty. /// This function returns an [`MLDSA44Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign with HashML-DSA 44, with a SHAKE128 pre-hashing @@ -34,11 +34,11 @@ val sign /// may also be empty. /// This function returns an [`MLDSA44Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature 
@@ -48,9 +48,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -62,9 +62,9 @@ val verify /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst index 4ba7e0a11..0ed29d190 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst 
@@ -3,62 +3,66 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & 
t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign_mut signing_key message 
@@ -66,65 +70,69 @@ let sign_mut randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = 
Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti index 00176aa30..7ff07767a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti @@ -4,28 +4,30 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Key Pair val generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature 
@@ -33,12 +35,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -47,11 +50,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -59,9 +62,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -71,9 +74,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst index 655282ddc..5d7d3bddc 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst 
@@ -3,62 +3,66 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & 
t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign_mut signing_key message 
@@ -66,65 +70,69 @@ let sign_mut randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = 
Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti index 43b275f98..4eac5c2c5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti @@ -4,28 +4,30 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Key Pair val generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature 
@@ -33,12 +35,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -47,11 +50,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -59,9 +62,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -71,9 +74,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst index 124549c25..0d87d3268 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst 
@@ -3,62 +3,66 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) 
& t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign_mut signing_key message 
@@ -66,65 +70,69 @@ let sign_mut randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = 
Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti index 2953eab1b..5a4edcb80 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti @@ -4,28 +4,30 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Key Pair val generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature 
@@ -33,12 +35,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -47,11 +50,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -59,9 +62,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -71,9 +74,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst index 243d5de79..47da0fcf4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst 
@@ -3,93 +3,101 @@ module Libcrux_ml_dsa.Ml_dsa_65_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref (sz + 
Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref ( - sz 1952) + mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref 
(mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti index d7b76e429..1e1584923 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti 
@@ -7,8 +7,8 @@ open FStar.Mul /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA65KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) @@ -19,11 +19,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// may also be empty. /// This function returns an [`MLDSA65Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign with HashML-DSA 65, with a SHAKE128 pre-hashing @@ -34,11 +34,11 @@ val sign /// may also be empty. /// This function returns an [`MLDSA65Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature 
@@ -48,9 +48,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -62,9 +62,9 @@ val verify /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst index 2a1c3baa1..6409ba501 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) 
signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti index 6225e3023..331035d39 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst index c6bec73a6..8eb415171 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) 
signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti index 7ba0608c8..c34eed67d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst index 6979118c4..88e447b73 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 
4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.verify_pre_hashed_shake128 
(Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti index 00756769a..5347cfc48 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst index 56f5baaf3..b893b3cdb 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst 
@@ -3,93 +3,101 @@ module Libcrux_ml_dsa.Ml_dsa_87_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref (sz + 
Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref ( - sz 2592) + mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref 
(mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti index 2dbf4d427..e7b01f542 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti 
@@ -7,8 +7,8 @@ open FStar.Mul /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA87KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) @@ -19,11 +19,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// may also be empty. /// This function returns an [`MLDSA87Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign with HashML-DSA 87, with a SHAKE128 pre-hashing @@ -34,11 +34,11 @@ val sign /// may also be empty. /// This function returns an [`MLDSA87Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature 
@@ -48,9 +48,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -62,9 +62,9 @@ val verify /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst index d4addf2d9..cb9afcb00 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst @@ -18,7 +18,7 @@ let _ = () let generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = 
@@ -37,7 +37,10 @@ let generate_key_pair___inner let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) = +let generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) + = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = generate_key_pair___inner randomness signing_key verification_key in @@ -47,9 +50,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification signing_key, verification_key <: (t_Slice u8 & t_Slice u8) let sign___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 @@ -59,18 +62,18 @@ let sign___inner randomness let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = sign___inner signing_key message context randomness let sign_mut___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_mut #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler 
@@ -80,35 +83,35 @@ let sign_mut___inner #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut___inner signing_key message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = 
Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -119,41 +122,41 @@ let sign_pre_hashed_shake128___inner (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.verify 
#Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler @@ -166,15 +169,15 @@ let verify___inner signature let verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = verify___inner verification_key message context signature let verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = @@ -194,9 +197,9 @@ let verify_pre_hashed_shake128___inner (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti index 0a6cd9f8c..cfeaf068f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti 
@@ -19,91 +19,95 @@ let _ = /// Key Generation. val generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) +val generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val sign___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. 
val sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. 
val verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True @@ -111,9 +115,9 @@ val verify_pre_hashed_shake128___inner /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst index 384431e2f..79e93f4d6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst @@ -18,7 +18,7 @@ let _ = () let generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = 
@@ -37,7 +37,10 @@ let generate_key_pair___inner let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) = +let generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) + = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = generate_key_pair___inner randomness signing_key verification_key in @@ -47,9 +50,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification signing_key, verification_key <: (t_Slice u8 & t_Slice u8) let sign___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 @@ -59,18 +62,18 @@ let sign___inner randomness let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = sign___inner signing_key message context randomness let sign_mut___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_mut #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler 
@@ -80,35 +83,35 @@ let sign_mut___inner #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut___inner signing_key message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = 
Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -119,41 +122,41 @@ let sign_pre_hashed_shake128___inner (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.verify 
#Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler @@ -166,15 +169,15 @@ let verify___inner signature let verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = verify___inner verification_key message context signature let verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = @@ -194,9 +197,9 @@ let verify_pre_hashed_shake128___inner (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti index 73beab56d..d9f007b05 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti 
@@ -19,91 +19,95 @@ let _ = /// Key Generation. val generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) +val generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val sign___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. 
val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. 
val verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True @@ -111,9 +115,9 @@ val verify_pre_hashed_shake128___inner /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst index 85209dee4..87019dfe9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst @@ -18,7 +18,7 @@ let _ = () let generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = 
@@ -37,7 +37,10 @@ let generate_key_pair___inner let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) = +let generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) + = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = generate_key_pair___inner randomness signing_key verification_key in @@ -47,9 +50,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification signing_key, verification_key <: (t_Slice u8 & t_Slice u8) let sign___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 @@ -59,18 +62,18 @@ let sign___inner randomness let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = sign___inner signing_key message context randomness let sign_mut___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_mut #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler 
@@ -80,35 +83,35 @@ let sign_mut___inner #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut___inner signing_key message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = 
Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -119,41 +122,41 @@ let sign_pre_hashed_shake128___inner (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.verify 
#Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler @@ -166,15 +169,15 @@ let verify___inner signature let verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = verify___inner verification_key message context signature let verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = @@ -194,9 +197,9 @@ let verify_pre_hashed_shake128___inner (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti index a119375c4..330b40dca 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti 
@@ -19,91 +19,95 @@ let _ = /// Key Generation. val generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) +val generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val sign___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. 
val sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. 
val verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True @@ -111,9 +115,9 @@ val verify_pre_hashed_shake128___inner /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst index da2a3cd8c..7c4e95a85 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst 
@@ -18,11 +18,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) = - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -33,15 +33,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -65,19 +65,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -88,20 +88,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler @@ -114,9 +114,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti index 858d01f49..955f066b1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti 
@@ -19,55 +19,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) - : Prims.Pure (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) + : Prims.Pure (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst index 692bdeb30..c25e2ca82 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst 
@@ -18,11 +18,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -33,15 +33,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -65,19 +65,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -88,20 +88,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler @@ -114,9 +114,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti index 3319e50fb..cf41b04d6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti 
@@ -19,55 +19,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst index 736cfca36..59bd60eba 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst 
@@ -18,11 +18,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) = - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -33,15 +33,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -65,19 +65,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -88,20 +88,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler @@ -114,9 +114,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti index 70e139689..66d9d64c7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti 
@@ -19,55 +19,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) - : Prims.Pure (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) + : Prims.Pure (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst index 888e90ff3..65f4f15e7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst 
@@ -17,11 +17,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) = - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 @@ -32,15 +32,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -66,19 +66,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -90,20 +90,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -116,9 +116,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti index 347cf611d..b2ce3823e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti 
@@ -18,55 +18,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) - : Prims.Pure (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) + : Prims.Pure (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst index 320ff0fd1..9cdb78f41 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst 
@@ -17,11 +17,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 @@ -32,15 +32,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -66,19 +66,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -90,20 +90,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -116,9 +116,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti index a101743e2..34af5b033 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti 
@@ -18,55 +18,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst index 6c59d201b..1d0f9cde4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst 
@@ -17,11 +17,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) = - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 @@ -32,15 +32,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -66,19 +66,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -90,20 +90,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -116,9 +116,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti index 61e6daa3b..42468a39b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti 
@@ -18,55 +18,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) - : Prims.Pure (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) + : Prims.Pure (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst index 5844e378d..8787944b8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst 
@@ -29,45 +29,49 @@ let verify_internal (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = let seed_for_a, t1_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (verification_key <: t_Slice u8) Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A v_VERIFICATION_KEY_SIZE t1_serialized t1 in - let deserialized_commitment_hash:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let deserialized_commitment_hash:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 4) = - 
Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) - (sz 4) + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) + <: + t_Array i32 (mk_usize 256)) + (mk_usize 4) in - let tmp0, tmp1, tmp2, out:(t_Array u8 (sz 32) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) & - t_Array (t_Array i32 (sz 256)) (sz 4) & + let tmp0, tmp1, tmp2, out:(t_Array u8 (mk_usize 32) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) & + t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Encoding.Signature.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A @@ -78,12 +82,12 @@ let verify_internal (signature_serialized <: t_Slice u8) deserialized_commitment_hash deserialized_signer_response deserialized_hint in - let deserialized_commitment_hash:t_Array u8 (sz 32) = tmp0 in + let deserialized_commitment_hash:t_Array u8 (mk_usize 32) = tmp0 in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = tmp1 in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 4) = tmp2 in + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) = tmp2 in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError with | Core.Result.Result_Ok _ -> let _:Prims.unit = () <: Prims.unit in 
@@ -92,7 +96,9 @@ let verify_internal (deserialized_signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((2l < let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = deserialized_signer_response in let _:usize = temp_1_ in @@ -163,7 +175,7 @@ let verify_internal deserialized_signer_response (fun deserialized_signer_response i -> let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = deserialized_signer_response in let i:usize = i in @@ -176,9 +188,9 @@ let verify_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A 
@@ -189,15 +201,19 @@ let verify_internal verifier_challenge t1 in - let recomputed_commitment_hash:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let recomputed_commitment_hash:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_GAMMA2 - (deserialized_hint <: t_Slice (t_Array i32 (sz 256))) + (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (t1 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -220,14 +236,14 @@ let verify_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 32)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake recomputed_commitment_hash in let shake:v_Shake256Xof = tmp0 in - let recomputed_commitment_hash:t_Array u8 (sz 32) = tmp1 in + let recomputed_commitment_hash:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in if deserialized_commitment_hash =. recomputed_commitment_hash 
@@ -262,13 +278,13 @@ let verify (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError @@ -313,9 +329,9 @@ let verify_pre_hashed i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = let pre_hash_buffer:t_Slice u8 = Libcrux_ml_dsa.Pre_hash.f_hash #v_PH @@ -329,9 +345,9 @@ let verify_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError 
@@ -386,8 +402,8 @@ let sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = let seed_for_a, remaining_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 signing_key Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE 
@@ -412,48 +428,54 @@ let sign_internal remaining_serialized (v_ERROR_RING_ELEMENT_SIZE *! Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A <: usize) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ETA v_ERROR_RING_ELEMENT_SIZE s1_serialized s1_as_ntt in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ETA v_ERROR_RING_ELEMENT_SIZE s2_serialized 
s2_as_ntt in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit t0_serialized t0_as_ntt in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 16) + (mk_usize 16) in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit @@ -461,15 +483,17 @@ let sign_internal seed_for_a matrix in - let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let message_representative:t_Array u8 (sz 64) = + let message_representative:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let message_representative:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Ml_dsa_generic.derive_message_representative #v_Shake256Xof verification_key_hash domain_separation_context message message_representative in - let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let mask_seed:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in 
@@ -491,84 +515,88 @@ let sign_internal shake (message_representative <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake mask_seed in let shake:v_Shake256Xof = tmp0 in - let mask_seed:t_Array u8 (sz 64) = tmp1 in + let mask_seed:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let (domain_separator_for_mask: u16):u16 = 0us in - let attempt:usize = sz 0 in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 32)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 32)) + let (domain_separator_for_mask: u16):u16 = mk_u16 0 in + let attempt:usize = mk_usize 0 in + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 32)) = + Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 32)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Core.Option.Option_None <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) = + Core.Option.Option_None + <: + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) in let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 32)) & + Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 
(sz 256)) (sz 4)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = Rust_primitives.f_while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 32)) & + Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = temp_0_ in attempt <. Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN <: bool) (attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)))) (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 32)) & + Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) = + (t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = temp_0_ in - let attempt:usize = attempt +! sz 1 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let attempt:usize = attempt +! mk_usize 1 in + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) = + (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in let tmp0, tmp1:(u16 & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Libcrux_ml_dsa.Sample.sample_mask_vector #v_SIMDUnit #v_Shake256 #v_Shake256X4 
@@ -579,27 +607,28 @@ let sign_internal mask in let domain_separator_for_mask:u16 = tmp0 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = tmp1 in let _:Prims.unit = () in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) #FStar.Tactics.Typeclasses.solve mask in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mask_ntt <: @@ -608,7 +637,7 @@ let sign_internal usize) (fun mask_ntt temp_1_ -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = mask_ntt in let _:usize = temp_1_ in 
@@ -616,7 +645,7 @@ let sign_internal mask_ntt (fun mask_ntt i -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = mask_ntt in let i:usize = i in @@ -629,10 +658,11 @@ let sign_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)) in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Libcrux_ml_dsa.Matrix.compute_matrix_x_mask #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A @@ -641,8 +671,8 @@ let sign_internal a_x_mask in let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + (mk_usize 4) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Libcrux_ml_dsa.Arithmetic.decompose_vector #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_GAMMA2 
@@ -650,20 +680,23 @@ let sign_internal w0 commitment in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = tmp0 in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) = + (mk_usize 4) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let commitment_hash_candidate:t_Array u8 (sz 32) = - Rust_primitives.Hax.repeat 0uy (sz 32) + let commitment_hash_candidate:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (commitment <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -686,14 +719,14 @@ let sign_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 32)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake commitment_hash_candidate in let shake:v_Shake256Xof = tmp0 in - let commitment_hash_candidate:t_Array u8 (sz 32) = tmp1 in + let commitment_hash_candidate:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let verifier_challenge:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = 
@@ -710,32 +743,33 @@ let sign_internal Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit verifier_challenge in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) #FStar.Tactics.Typeclasses.solve s1_as_ntt in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) #FStar.Tactics.Typeclasses.solve s2_as_ntt in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s1 verifier_challenge in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s2 verifier_challenge in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Libcrux_ml_dsa.Matrix.add_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A mask 
@@ -743,7 +777,8 @@ let sign_internal <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Matrix.subtract_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A w0 
@@ -754,16 +789,16 @@ let sign_internal if Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit (mask <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((1l <. Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_MAX_ONES_IN_HINT then attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4))) else let attempt:usize = Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 32)) = + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 32)) = Core.Option.Option_Some commitment_hash_candidate <: - Core.Option.t_Option (t_Array u8 (sz 32)) + Core.Option.t_Option (t_Array u8 (mk_usize 32)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)) = Core.Option.Option_Some mask <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) = + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) + = Core.Option.Option_Some hint_candidate <: - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) in attempt, commitment_hash, 
domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) - ) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)))) in - match commitment_hash <: Core.Option.t_Option (t_Array u8 (sz 32)) with + match commitment_hash <: Core.Option.t_Option (t_Array u8 (mk_usize 32)) with | Core.Option.Option_Some commitment_hash -> - let commitment_hash:t_Array u8 (sz 32) = commitment_hash in + let commitment_hash:t_Array u8 (mk_usize 32) = commitment_hash in (match signer_response <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) with | Core.Option.Option_Some signer_response -> let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) = + (mk_usize 4) = signer_response in - (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) with + (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) with | Core.Option.Option_Some hint -> - let hint:t_Array (t_Array i32 (sz 256)) (sz 4) = hint in - let signature:t_Array u8 (sz 2420) = + let hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) = hint in + let signature:t_Array u8 (mk_usize 2420) = Libcrux_ml_dsa.Encoding.Signature.serialize #v_SIMDUnit (commitment_hash <: t_Slice u8) (signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint <: t_Slice (t_Array i32 (sz 256))) + (hint <: t_Slice (t_Array i32 (mk_usize 256))) 
Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COMMITMENT_HASH_SIZE Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A @@ -903,7 +944,7 @@ let sign_internal in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Option.Option_None -> signature, @@ -914,7 +955,7 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, @@ -925,8 +966,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) - ) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, (Core.Result.Result_Err @@ -936,7 +977,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -957,19 +999,19 @@ let sign_mut i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message @@ -978,11 +1020,12 @@ let sign_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> signature, (Core.Result.Result_Err 
@@ -990,7 +1033,8 @@ let sign_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -1011,31 +1055,31 @@ let sign i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 2420) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 2420) () in - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message context randomness signature.Libcrux_ml_dsa.Types.f_value in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = { signature with Libcrux_ml_dsa.Types.f_value = tmp0 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError let sign_pre_hashed_mut 
@@ -1062,8 +1106,8 @@ let sign_pre_hashed_mut Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then @@ -1074,7 +1118,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) else let pre_hash_buffer:t_Slice u8 = @@ -1089,16 +1133,16 @@ let sign_pre_hashed_mut (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key pre_hash_buffer 
@@ -1107,13 +1151,13 @@ let sign_pre_hashed_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, signature, hax_temp_output <: - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> pre_hash_buffer, @@ -1125,7 +1169,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed 
@@ -1152,41 +1196,41 @@ let sign_pre_hashed Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 2420) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 2420) () in - let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (sz 2420) & + let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_mut #v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH signing_key message context pre_hash_buffer randomness signature.Libcrux_ml_dsa.Types.f_value in let pre_hash_buffer:t_Slice u8 = tmp0 in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = { signature with Libcrux_ml_dsa.Types.f_value = tmp1 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result 
(Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let generate_key_pair @@ -1207,7 +1251,7 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let _:Prims.unit = @@ -1231,7 +1275,9 @@ let generate_key_pair in () in - let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in + let seed_expanded:t_Array u8 (mk_usize 128) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 128) + in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in @@ -1256,14 +1302,14 @@ let generate_key_pair <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 128)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 128)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake seed_expanded in let shake:v_Shake256Xof = tmp0 in - let seed_expanded:t_Array u8 (sz 128) = tmp1 in + let seed_expanded:t_Array u8 (mk_usize 128) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = 
@@ -1276,13 +1322,15 @@ let generate_key_pair seed_expanded Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 16) + (mk_usize 16) in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) + = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit 
@@ -1290,36 +1338,36 @@ let generate_key_pair seed_for_a a_as_ntt in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit #v_Shake256X4 Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ETA seed_for_error_vectors s1_s2 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Core.Slice.impl__copy_from_slice #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_ntt (s1_s2.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A } <: 
@@ -1327,21 +1375,23 @@ let generate_key_pair <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (s1_ntt <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) <: usize) (fun s1_ntt temp_1_ -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = s1_ntt in let _:usize = temp_1_ in true) s1_ntt (fun s1_ntt i -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = s1_ntt in let i:usize = i in @@ -1352,9 +1402,9 @@ let generate_key_pair <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.compute_as1_plus_s2 #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A 
@@ -1364,18 +1414,23 @@ let generate_key_pair t0 in let _:Prims.unit = () in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit t0 t1 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = tmp0 in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = tmp1 in + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = + tmp0 + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = + tmp1 + in let _:Prims.unit = () in let verification_key:t_Slice u8 = Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized #v_SIMDUnit diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti index c55d05042..080cf2482 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti 
@@ -64,11 +64,11 @@ val verify_internal {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -80,9 +80,9 @@ val verify {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -96,9 +96,9 @@ val verify_pre_hashed {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True 
@@ -115,10 +115,11 @@ val sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -131,10 +132,11 @@ val sign_mut {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -147,9 +149,9 @@ val sign {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_mut 
@@ -164,10 +166,10 @@ val sign_pre_hashed_mut {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -184,10 +186,10 @@ val sign_pre_hashed {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val generate_key_pair @@ -198,6 +200,6 @@ val generate_key_pair {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst index 9cd43f56e..ac12b52b7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst 
@@ -29,45 +29,49 @@ let verify_internal (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = let seed_for_a, t1_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (verification_key <: t_Slice u8) Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A v_VERIFICATION_KEY_SIZE t1_serialized t1 in - let deserialized_commitment_hash:t_Array u8 (sz 48) = Rust_primitives.Hax.repeat 0uy (sz 48) in + let deserialized_commitment_hash:t_Array u8 (mk_usize 48) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) + in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 6) = - 
Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) - (sz 6) + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) + <: + t_Array i32 (mk_usize 256)) + (mk_usize 6) in - let tmp0, tmp1, tmp2, out:(t_Array u8 (sz 48) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) & - t_Array (t_Array i32 (sz 256)) (sz 6) & + let tmp0, tmp1, tmp2, out:(t_Array u8 (mk_usize 48) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) & + t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Encoding.Signature.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A @@ -78,12 +82,12 @@ let verify_internal (signature_serialized <: t_Slice u8) deserialized_commitment_hash deserialized_signer_response deserialized_hint in - let deserialized_commitment_hash:t_Array u8 (sz 48) = tmp0 in + let deserialized_commitment_hash:t_Array u8 (mk_usize 48) = tmp0 in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = tmp1 in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 6) = tmp2 in + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) = tmp2 in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError with | Core.Result.Result_Ok _ -> let _:Prims.unit = () <: Prims.unit in 
@@ -92,7 +96,9 @@ let verify_internal (deserialized_signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((2l < let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = deserialized_signer_response in let _:usize = temp_1_ in @@ -163,7 +175,7 @@ let verify_internal deserialized_signer_response (fun deserialized_signer_response i -> let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = deserialized_signer_response in let i:usize = i in @@ -176,9 +188,9 @@ let verify_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A 
@@ -189,15 +201,19 @@ let verify_internal verifier_challenge t1 in - let recomputed_commitment_hash:t_Array u8 (sz 48) = Rust_primitives.Hax.repeat 0uy (sz 48) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let recomputed_commitment_hash:t_Array u8 (mk_usize 48) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_GAMMA2 - (deserialized_hint <: t_Slice (t_Array i32 (sz 256))) + (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (t1 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -220,14 +236,14 @@ let verify_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 48)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 48)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake recomputed_commitment_hash in let shake:v_Shake256Xof = tmp0 in - let recomputed_commitment_hash:t_Array u8 (sz 48) = tmp1 in + let recomputed_commitment_hash:t_Array u8 (mk_usize 48) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in if deserialized_commitment_hash =. recomputed_commitment_hash 
@@ -262,13 +278,13 @@ let verify (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError @@ -313,9 +329,9 @@ let verify_pre_hashed i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = let pre_hash_buffer:t_Slice u8 = Libcrux_ml_dsa.Pre_hash.f_hash #v_PH @@ -329,9 +345,9 @@ let verify_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError 
@@ -386,8 +402,8 @@ let sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = let seed_for_a, remaining_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 signing_key Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE 
@@ -412,48 +428,54 @@ let sign_internal remaining_serialized (v_ERROR_RING_ELEMENT_SIZE *! Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A <: usize) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ETA v_ERROR_RING_ELEMENT_SIZE s1_serialized s1_as_ntt in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ETA v_ERROR_RING_ELEMENT_SIZE s2_serialized 
s2_as_ntt in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit t0_serialized t0_as_ntt in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 30) + (mk_usize 30) in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit @@ -461,15 +483,17 @@ let sign_internal seed_for_a matrix in - let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let message_representative:t_Array u8 (sz 64) = + let message_representative:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let message_representative:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Ml_dsa_generic.derive_message_representative #v_Shake256Xof verification_key_hash domain_separation_context message message_representative in - let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let mask_seed:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in 
@@ -491,84 +515,88 @@ let sign_internal shake (message_representative <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake mask_seed in let shake:v_Shake256Xof = tmp0 in - let mask_seed:t_Array u8 (sz 64) = tmp1 in + let mask_seed:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let (domain_separator_for_mask: u16):u16 = 0us in - let attempt:usize = sz 0 in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 48)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 48)) + let (domain_separator_for_mask: u16):u16 = mk_u16 0 in + let attempt:usize = mk_usize 0 in + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 48)) = + Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 48)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) = Core.Option.Option_None <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) = + Core.Option.Option_None + <: + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) in let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 48)) & + Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 
(sz 256)) (sz 6)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = Rust_primitives.f_while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 48)) & + Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = temp_0_ in attempt <. Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN <: bool) (attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)))) (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 48)) & + Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) = + (t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = temp_0_ in - let attempt:usize = attempt +! sz 1 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let attempt:usize = attempt +! mk_usize 1 in + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) = + (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in let tmp0, tmp1:(u16 & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) = + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) = Libcrux_ml_dsa.Sample.sample_mask_vector #v_SIMDUnit #v_Shake256 #v_Shake256X4 
@@ -579,27 +607,28 @@ let sign_internal mask in let domain_separator_for_mask:u16 = tmp0 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = tmp1 in let _:Prims.unit = () in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) - = + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) #FStar.Tactics.Typeclasses.solve mask in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) - = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mask_ntt <: @@ -608,7 +637,7 @@ let sign_internal usize) (fun mask_ntt temp_1_ -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = mask_ntt in let _:usize = temp_1_ in 
@@ -616,7 +645,7 @@ let sign_internal mask_ntt (fun mask_ntt i -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = mask_ntt in let i:usize = i in @@ -629,10 +658,11 @@ let sign_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)) in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 6) = Libcrux_ml_dsa.Matrix.compute_matrix_x_mask #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A @@ -641,8 +671,8 @@ let sign_internal a_x_mask in let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6)) = + (mk_usize 6) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6)) = Libcrux_ml_dsa.Arithmetic.decompose_vector #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_GAMMA2 
@@ -650,20 +680,23 @@ let sign_internal w0 commitment in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = tmp0 in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) = + (mk_usize 6) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let commitment_hash_candidate:t_Array u8 (sz 48) = - Rust_primitives.Hax.repeat 0uy (sz 48) + let commitment_hash_candidate:t_Array u8 (mk_usize 48) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (commitment <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -686,14 +719,14 @@ let sign_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 48)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 48)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake commitment_hash_candidate in let shake:v_Shake256Xof = tmp0 in - let commitment_hash_candidate:t_Array u8 (sz 48) = tmp1 in + let commitment_hash_candidate:t_Array u8 (mk_usize 48) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let verifier_challenge:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = 
@@ -710,32 +743,33 @@ let sign_internal Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit verifier_challenge in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) #FStar.Tactics.Typeclasses.solve s1_as_ntt in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6)) #FStar.Tactics.Typeclasses.solve s2_as_ntt in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s1 verifier_challenge in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s2 verifier_challenge in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = Libcrux_ml_dsa.Matrix.add_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A mask 
@@ -743,7 +777,8 @@ let sign_internal <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Libcrux_ml_dsa.Matrix.subtract_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A w0 
@@ -754,16 +789,16 @@ let sign_internal if Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit (mask <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((1l <. Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_MAX_ONES_IN_HINT then attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5))) else let attempt:usize = Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 48)) = + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 48)) = Core.Option.Option_Some commitment_hash_candidate <: - Core.Option.t_Option (t_Array u8 (sz 48)) + Core.Option.t_Option (t_Array u8 (mk_usize 48)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)) = Core.Option.Option_Some mask <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) = + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) + = Core.Option.Option_Some hint_candidate <: - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) in attempt, commitment_hash, 
domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) - ) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)))) in - match commitment_hash <: Core.Option.t_Option (t_Array u8 (sz 48)) with + match commitment_hash <: Core.Option.t_Option (t_Array u8 (mk_usize 48)) with | Core.Option.Option_Some commitment_hash -> - let commitment_hash:t_Array u8 (sz 48) = commitment_hash in + let commitment_hash:t_Array u8 (mk_usize 48) = commitment_hash in (match signer_response <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) with | Core.Option.Option_Some signer_response -> let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) = + (mk_usize 5) = signer_response in - (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) with + (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) with | Core.Option.Option_Some hint -> - let hint:t_Array (t_Array i32 (sz 256)) (sz 6) = hint in - let signature:t_Array u8 (sz 3309) = + let hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) = hint in + let signature:t_Array u8 (mk_usize 3309) = Libcrux_ml_dsa.Encoding.Signature.serialize #v_SIMDUnit (commitment_hash <: t_Slice u8) (signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint <: t_Slice (t_Array i32 (sz 256))) + (hint <: t_Slice (t_Array i32 (mk_usize 256))) 
Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COMMITMENT_HASH_SIZE Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A @@ -903,7 +944,7 @@ let sign_internal in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Option.Option_None -> signature, @@ -914,7 +955,7 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, @@ -925,8 +966,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) - ) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, (Core.Result.Result_Err @@ -936,7 +977,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -957,19 +999,19 @@ let sign_mut i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message @@ -978,11 +1020,12 @@ let sign_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> signature, (Core.Result.Result_Err 
@@ -990,7 +1033,8 @@ let sign_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -1011,31 +1055,31 @@ let sign i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 3309) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 3309) () in - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message context randomness signature.Libcrux_ml_dsa.Types.f_value in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = { signature with Libcrux_ml_dsa.Types.f_value = tmp0 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError let sign_pre_hashed_mut 
@@ -1062,8 +1106,8 @@ let sign_pre_hashed_mut Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then @@ -1074,7 +1118,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) else let pre_hash_buffer:t_Slice u8 = @@ -1089,16 +1133,16 @@ let sign_pre_hashed_mut (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key pre_hash_buffer 
@@ -1107,13 +1151,13 @@ let sign_pre_hashed_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, signature, hax_temp_output <: - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> pre_hash_buffer, @@ -1125,7 +1169,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed 
@@ -1152,41 +1196,41 @@ let sign_pre_hashed Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 3309) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 3309) () in - let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (sz 3309) & + let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_mut #v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH signing_key message context pre_hash_buffer randomness signature.Libcrux_ml_dsa.Types.f_value in let pre_hash_buffer:t_Slice u8 = tmp0 in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = { signature with Libcrux_ml_dsa.Types.f_value = tmp1 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result 
(Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let generate_key_pair @@ -1207,7 +1251,7 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let _:Prims.unit = @@ -1231,7 +1275,9 @@ let generate_key_pair in () in - let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in + let seed_expanded:t_Array u8 (mk_usize 128) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 128) + in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in @@ -1256,14 +1302,14 @@ let generate_key_pair <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 128)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 128)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake seed_expanded in let shake:v_Shake256Xof = tmp0 in - let seed_expanded:t_Array u8 (sz 128) = tmp1 in + let seed_expanded:t_Array u8 (mk_usize 128) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = 
@@ -1276,13 +1322,15 @@ let generate_key_pair seed_expanded Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 30) + (mk_usize 30) in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) + = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit 
@@ -1290,36 +1338,36 @@ let generate_key_pair seed_for_a a_as_ntt in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 11) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 11) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 11) + (mk_usize 11) in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 11) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 11) = Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit #v_Shake256X4 Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ETA seed_for_error_vectors s1_s2 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Core.Slice.impl__copy_from_slice #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_ntt (s1_s2.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A } <: 
@@ -1327,21 +1375,23 @@ let generate_key_pair <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (s1_ntt <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) <: usize) (fun s1_ntt temp_1_ -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = s1_ntt in let _:usize = temp_1_ in true) s1_ntt (fun s1_ntt i -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = s1_ntt in let i:usize = i in @@ -1352,9 +1402,9 @@ let generate_key_pair <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Matrix.compute_as1_plus_s2 #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A 
@@ -1364,18 +1414,23 @@ let generate_key_pair t0 in let _:Prims.unit = () in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6)) = + let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 6) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6)) = Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit t0 t1 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = tmp0 in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = tmp1 in + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = + tmp0 + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = + tmp1 + in let _:Prims.unit = () in let verification_key:t_Slice u8 = Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized #v_SIMDUnit diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti index dc9e55a43..f1b763e02 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti 
@@ -64,11 +64,11 @@ val verify_internal {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -80,9 +80,9 @@ val verify {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -96,9 +96,9 @@ val verify_pre_hashed {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True 
@@ -115,10 +115,11 @@ val sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -131,10 +132,11 @@ val sign_mut {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -147,9 +149,9 @@ val sign {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_mut 
@@ -164,10 +166,10 @@ val sign_pre_hashed_mut {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -184,10 +186,10 @@ val sign_pre_hashed {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val generate_key_pair @@ -198,6 +200,6 @@ val generate_key_pair {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst index a2fc8ab3e..64acbacf2 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst 
@@ -29,45 +29,49 @@ let verify_internal (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = let seed_for_a, t1_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (verification_key <: t_Slice u8) Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A v_VERIFICATION_KEY_SIZE t1_serialized t1 in - let deserialized_commitment_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let deserialized_commitment_hash:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 8) = - 
Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) - (sz 8) + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) + <: + t_Array i32 (mk_usize 256)) + (mk_usize 8) in - let tmp0, tmp1, tmp2, out:(t_Array u8 (sz 64) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) & - t_Array (t_Array i32 (sz 256)) (sz 8) & + let tmp0, tmp1, tmp2, out:(t_Array u8 (mk_usize 64) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) & + t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Encoding.Signature.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A @@ -78,12 +82,12 @@ let verify_internal (signature_serialized <: t_Slice u8) deserialized_commitment_hash deserialized_signer_response deserialized_hint in - let deserialized_commitment_hash:t_Array u8 (sz 64) = tmp0 in + let deserialized_commitment_hash:t_Array u8 (mk_usize 64) = tmp0 in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = tmp1 in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 8) = tmp2 in + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) = tmp2 in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError with | Core.Result.Result_Ok _ -> let _:Prims.unit = () <: Prims.unit in 
@@ -92,7 +96,9 @@ let verify_internal (deserialized_signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((2l < let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = deserialized_signer_response in let _:usize = temp_1_ in @@ -163,7 +175,7 @@ let verify_internal deserialized_signer_response (fun deserialized_signer_response i -> let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = deserialized_signer_response in let i:usize = i in @@ -176,9 +188,9 @@ let verify_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A 
@@ -189,15 +201,19 @@ let verify_internal verifier_challenge t1 in - let recomputed_commitment_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let recomputed_commitment_hash:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_GAMMA2 - (deserialized_hint <: t_Slice (t_Array i32 (sz 256))) + (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 in - let commitment_serialized:t_Array u8 (sz 1024) = Rust_primitives.Hax.repeat 0uy (sz 1024) in - let commitment_serialized:t_Array u8 (sz 1024) = + let commitment_serialized:t_Array u8 (mk_usize 1024) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1024) + in + let commitment_serialized:t_Array u8 (mk_usize 1024) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (t1 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -220,14 +236,14 @@ let verify_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake recomputed_commitment_hash in let shake:v_Shake256Xof = tmp0 in - let recomputed_commitment_hash:t_Array u8 (sz 64) = tmp1 in + let recomputed_commitment_hash:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in if deserialized_commitment_hash =. recomputed_commitment_hash 
@@ -262,13 +278,13 @@ let verify (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError @@ -313,9 +329,9 @@ let verify_pre_hashed i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = let pre_hash_buffer:t_Slice u8 = Libcrux_ml_dsa.Pre_hash.f_hash #v_PH @@ -329,9 +345,9 @@ let verify_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError 
@@ -386,8 +402,8 @@ let sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = let seed_for_a, remaining_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 signing_key Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE 
@@ -412,48 +428,54 @@ let sign_internal remaining_serialized (v_ERROR_RING_ELEMENT_SIZE *! Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A <: usize) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ETA v_ERROR_RING_ELEMENT_SIZE s1_serialized s1_as_ntt in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ETA v_ERROR_RING_ELEMENT_SIZE s2_serialized 
s2_as_ntt in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit t0_serialized t0_as_ntt in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 56) + (mk_usize 56) in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit @@ -461,15 +483,17 @@ let sign_internal seed_for_a matrix in - let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let message_representative:t_Array u8 (sz 64) = + let message_representative:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let message_representative:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Ml_dsa_generic.derive_message_representative #v_Shake256Xof verification_key_hash domain_separation_context message message_representative in - let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let mask_seed:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in 
@@ -491,84 +515,88 @@ let sign_internal shake (message_representative <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake mask_seed in let shake:v_Shake256Xof = tmp0 in - let mask_seed:t_Array u8 (sz 64) = tmp1 in + let mask_seed:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let (domain_separator_for_mask: u16):u16 = 0us in - let attempt:usize = sz 0 in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 64)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 64)) + let (domain_separator_for_mask: u16):u16 = mk_u16 0 in + let attempt:usize = mk_usize 0 in + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 64)) = + Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 64)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) = Core.Option.Option_None <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) = + Core.Option.Option_None + <: + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) in let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 64)) & + Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 
(sz 256)) (sz 8)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = Rust_primitives.f_while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 64)) & + Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = temp_0_ in attempt <. Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN <: bool) (attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)))) (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 64)) & + Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) = + (t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = temp_0_ in - let attempt:usize = attempt +! sz 1 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let attempt:usize = attempt +! mk_usize 1 in + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) = + (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in let tmp0, tmp1:(u16 & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) = + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) = Libcrux_ml_dsa.Sample.sample_mask_vector #v_SIMDUnit #v_Shake256 #v_Shake256X4 
@@ -579,27 +607,28 @@ let sign_internal mask in let domain_separator_for_mask:u16 = tmp0 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = tmp1 in let _:Prims.unit = () in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) - = + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) #FStar.Tactics.Typeclasses.solve mask in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) - = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mask_ntt <: @@ -608,7 +637,7 @@ let sign_internal usize) (fun mask_ntt temp_1_ -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = mask_ntt in let _:usize = temp_1_ in 
@@ -616,7 +645,7 @@ let sign_internal mask_ntt (fun mask_ntt i -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = mask_ntt in let i:usize = i in @@ -629,10 +658,11 @@ let sign_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)) in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 8) = Libcrux_ml_dsa.Matrix.compute_matrix_x_mask #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A @@ -641,8 +671,8 @@ let sign_internal a_x_mask in let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8)) = + (mk_usize 8) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8)) = Libcrux_ml_dsa.Arithmetic.decompose_vector #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_GAMMA2 
@@ -650,22 +680,23 @@ let sign_internal w0 commitment in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = tmp0 in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) = + (mk_usize 8) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let commitment_hash_candidate:t_Array u8 (sz 64) = - Rust_primitives.Hax.repeat 0uy (sz 64) + let commitment_hash_candidate:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let commitment_serialized:t_Array u8 (sz 1024) = - Rust_primitives.Hax.repeat 0uy (sz 1024) + let commitment_serialized:t_Array u8 (mk_usize 1024) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1024) in - let commitment_serialized:t_Array u8 (sz 1024) = + let commitment_serialized:t_Array u8 (mk_usize 1024) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (commitment <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -688,14 +719,14 @@ let sign_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake commitment_hash_candidate in let shake:v_Shake256Xof = tmp0 in - let commitment_hash_candidate:t_Array u8 (sz 64) = tmp1 in + let commitment_hash_candidate:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let verifier_challenge:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = 
@@ -712,32 +743,33 @@ let sign_internal Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit verifier_challenge in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) #FStar.Tactics.Typeclasses.solve s1_as_ntt in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8)) #FStar.Tactics.Typeclasses.solve s2_as_ntt in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s1 verifier_challenge in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s2 verifier_challenge in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = Libcrux_ml_dsa.Matrix.add_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A mask 
@@ -745,7 +777,8 @@ let sign_internal <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Libcrux_ml_dsa.Matrix.subtract_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A w0 
@@ -756,16 +789,16 @@ let sign_internal if Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit (mask <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((1l <. Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_MAX_ONES_IN_HINT then attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7))) else let attempt:usize = Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 64)) = + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 64)) = Core.Option.Option_Some commitment_hash_candidate <: - Core.Option.t_Option (t_Array u8 (sz 64)) + Core.Option.t_Option (t_Array u8 (mk_usize 64)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)) = Core.Option.Option_Some mask <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) = + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) + = Core.Option.Option_Some hint_candidate <: - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) in attempt, commitment_hash, 
domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) - ) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)))) in - match commitment_hash <: Core.Option.t_Option (t_Array u8 (sz 64)) with + match commitment_hash <: Core.Option.t_Option (t_Array u8 (mk_usize 64)) with | Core.Option.Option_Some commitment_hash -> - let commitment_hash:t_Array u8 (sz 64) = commitment_hash in + let commitment_hash:t_Array u8 (mk_usize 64) = commitment_hash in (match signer_response <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) with | Core.Option.Option_Some signer_response -> let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) = + (mk_usize 7) = signer_response in - (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) with + (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) with | Core.Option.Option_Some hint -> - let hint:t_Array (t_Array i32 (sz 256)) (sz 8) = hint in - let signature:t_Array u8 (sz 4627) = + let hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) = hint in + let signature:t_Array u8 (mk_usize 4627) = Libcrux_ml_dsa.Encoding.Signature.serialize #v_SIMDUnit (commitment_hash <: t_Slice u8) (signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint <: t_Slice (t_Array i32 (sz 256))) + (hint <: t_Slice (t_Array i32 (mk_usize 256))) 
Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COMMITMENT_HASH_SIZE Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A @@ -905,7 +944,7 @@ let sign_internal in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Option.Option_None -> signature, @@ -916,7 +955,7 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, @@ -927,8 +966,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) - ) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, (Core.Result.Result_Err @@ -938,7 +977,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -959,19 +999,19 @@ let sign_mut i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message @@ -980,11 +1020,12 @@ let sign_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> signature, (Core.Result.Result_Err 
@@ -992,7 +1033,8 @@ let sign_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -1013,31 +1055,31 @@ let sign i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 4627) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 4627) () in - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message context randomness signature.Libcrux_ml_dsa.Types.f_value in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = { signature with Libcrux_ml_dsa.Types.f_value = tmp0 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError let sign_pre_hashed_mut 
@@ -1064,8 +1106,8 @@ let sign_pre_hashed_mut Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then @@ -1076,7 +1118,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) else let pre_hash_buffer:t_Slice u8 = @@ -1091,16 +1133,16 @@ let sign_pre_hashed_mut (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key pre_hash_buffer 
@@ -1109,13 +1151,13 @@ let sign_pre_hashed_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, signature, hax_temp_output <: - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> pre_hash_buffer, @@ -1127,7 +1169,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed 
@@ -1154,41 +1196,41 @@ let sign_pre_hashed Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 4627) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 4627) () in - let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (sz 4627) & + let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_mut #v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH signing_key message context pre_hash_buffer randomness signature.Libcrux_ml_dsa.Types.f_value in let pre_hash_buffer:t_Slice u8 = tmp0 in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = { signature with Libcrux_ml_dsa.Types.f_value = tmp1 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result 
(Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let generate_key_pair @@ -1209,7 +1251,7 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let _:Prims.unit = @@ -1233,7 +1275,9 @@ let generate_key_pair in () in - let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in + let seed_expanded:t_Array u8 (mk_usize 128) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 128) + in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in @@ -1258,14 +1302,14 @@ let generate_key_pair <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 128)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 128)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake seed_expanded in let shake:v_Shake256Xof = tmp0 in - let seed_expanded:t_Array u8 (sz 128) = tmp1 in + let seed_expanded:t_Array u8 (mk_usize 128) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = 
@@ -1278,13 +1322,15 @@ let generate_key_pair seed_expanded Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 56) + (mk_usize 56) in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) + = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit 
@@ -1292,36 +1338,36 @@ let generate_key_pair seed_for_a a_as_ntt in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 15) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 15) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 15) + (mk_usize 15) in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 15) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 15) = Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit #v_Shake256X4 Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ETA seed_for_error_vectors s1_s2 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Core.Slice.impl__copy_from_slice #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_ntt (s1_s2.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A } <: 
@@ -1329,21 +1375,23 @@ let generate_key_pair <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (s1_ntt <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) <: usize) (fun s1_ntt temp_1_ -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = s1_ntt in let _:usize = temp_1_ in true) s1_ntt (fun s1_ntt i -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = s1_ntt in let i:usize = i in @@ -1354,9 +1402,9 @@ let generate_key_pair <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Matrix.compute_as1_plus_s2 #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A 
@@ -1366,18 +1414,23 @@ let generate_key_pair t0 in let _:Prims.unit = () in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8)) = + let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 8) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8)) = Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit t0 t1 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = tmp0 in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = tmp1 in + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = + tmp0 + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = + tmp1 + in let _:Prims.unit = () in let verification_key:t_Slice u8 = Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized #v_SIMDUnit diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti index 1185fe9ef..38cb4175e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti 
@@ -64,11 +64,11 @@ val verify_internal {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -80,9 +80,9 @@ val verify {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -96,9 +96,9 @@ val verify_pre_hashed {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True 
@@ -115,10 +115,11 @@ val sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -131,10 +132,11 @@ val sign_mut {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -147,9 +149,9 @@ val sign {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_mut 
@@ -164,10 +166,10 @@ val sign_pre_hashed_mut {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -184,10 +186,10 @@ val sign_pre_hashed {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val generate_key_pair @@ -198,6 +200,6 @@ val generate_key_pair {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst index 6b04e42e0..fd2e7ffec 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst 
@@ -4,51 +4,51 @@ open Core open FStar.Mul let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) = - let signing_key, verification_key:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let signing_key, verification_key:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = if Libcrux_platform.Platform.simd256_support () then - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) else if Libcrux_platform.Platform.simd128_support () then - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) else - let tmp0, 
tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -70,17 +70,17 @@ let sign randomness let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = if Libcrux_platform.Platform.simd256_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign_pre_hashed_shake128 signing_key message 
@@ -92,13 +92,13 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) else if Libcrux_platform.Platform.simd128_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign_pre_hashed_shake128 signing_key message @@ -110,11 +110,11 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) else let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign_pre_hashed_shake128 signing_key message 
@@ -126,19 +126,19 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = if Libcrux_platform.Platform.simd256_support () then @@ -160,9 +160,9 @@ let verify signature_serialized let verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti index 86e20ee9e..f83ef426d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti 
@@ -4,40 +4,42 @@ open Core open FStar.Mul val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) - : Prims.Pure (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) + : Prims.Pure (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) + Prims.l_True + (fun _ -> Prims.l_True) val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context 
pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst index b6a00d573..6e4277066 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst 
@@ -4,51 +4,51 @@ open Core open FStar.Mul let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let signing_key, verification_key:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let signing_key, verification_key:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = if Libcrux_platform.Platform.simd256_support () then - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) else if Libcrux_platform.Platform.simd128_support () then - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) else - let tmp0, 
tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -70,17 +70,17 @@ let sign randomness let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = if Libcrux_platform.Platform.simd256_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign_pre_hashed_shake128 signing_key message 
@@ -92,13 +92,13 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) else if Libcrux_platform.Platform.simd128_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign_pre_hashed_shake128 signing_key message @@ -110,11 +110,11 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) else let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign_pre_hashed_shake128 signing_key message 
@@ -126,19 +126,19 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = if Libcrux_platform.Platform.simd256_support () then @@ -160,9 +160,9 @@ let verify signature_serialized let verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti index c19ae6a03..e7b002766 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti 
@@ -4,40 +4,42 @@ open Core open FStar.Mul val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context 
pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst index 5e27cee1a..1ce540a7a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst 
@@ -4,51 +4,51 @@ open Core open FStar.Mul let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) = - let signing_key, verification_key:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let signing_key, verification_key:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = if Libcrux_platform.Platform.simd256_support () then - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) else if Libcrux_platform.Platform.simd128_support () then - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) else - let tmp0, 
tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -70,17 +70,17 @@ let sign randomness let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = if Libcrux_platform.Platform.simd256_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign_pre_hashed_shake128 signing_key message 
@@ -92,13 +92,13 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) else if Libcrux_platform.Platform.simd128_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign_pre_hashed_shake128 signing_key message @@ -110,11 +110,11 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) else let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign_pre_hashed_shake128 signing_key message 
@@ -126,19 +126,19 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = if Libcrux_platform.Platform.simd256_support () then @@ -160,9 +160,9 @@ let verify signature_serialized let verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti index d90ff6e68..a0c2a3c37 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti 
@@ -4,40 +4,42 @@ open Core open FStar.Mul val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) - : Prims.Pure (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) + : Prims.Pure (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) + Prims.l_True + (fun _ -> Prims.l_True) val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context 
pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst index b39dcc686..0f4b55c8e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst @@ -18,14 +18,15 @@ let derive_message_representative (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) (message: t_Slice u8) - (message_representative: t_Array u8 (sz 64)) + (message_representative: t_Array u8 (mk_usize 64)) = let _:Prims.unit = if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 verification_key_hash <: usize) =. sz 64 <: bool - ) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 verification_key_hash <: usize) =. mk_usize 64 + <: + bool) in () in @@ -51,10 +52,10 @@ let derive_message_representative shake ((let list = [ - cast (Core.Option.impl__is_some #(t_Array u8 (sz 11)) + cast (Core.Option.impl__is_some #(t_Array u8 (mk_usize 11)) (Libcrux_ml_dsa.Pre_hash.impl_1__pre_hash_oid domain_separation_context <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: bool) <: @@ -96,7 +97,7 @@ let derive_message_representative (match Libcrux_ml_dsa.Pre_hash.impl_1__pre_hash_oid domain_separation_context <: - Core.Option.t_Option (t_Array u8 (sz 11)) + Core.Option.t_Option (t_Array u8 (mk_usize 11)) with | Core.Option.Option_Some pre_hash_oid -> Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof 
@@ -112,13 +113,13 @@ let derive_message_representative shake message in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake message_representative in let shake:v_Shake256Xof = tmp0 in - let message_representative:t_Array u8 (sz 64) = tmp1 in + let message_representative:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in message_representative diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti index 731a25876..1ba045697 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti @@ -33,5 +33,5 @@ val derive_message_representative (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) (message: t_Slice u8) - (message_representative: t_Array u8 (sz 64)) - : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) + (message_representative: t_Array u8 (mk_usize 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst index f79c280f8..24a22e835 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst 
@@ -59,7 +59,7 @@ let ntt_multiply_montgomery (lhs rhs: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let lhs:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (lhs.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -86,7 +86,7 @@ let ntt_multiply_montgomery <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst index cdb574003..2a75f3fee 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst @@ -53,12 +53,12 @@ let impl__from_i32_array if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #i32 array <: usize) >=. sz 256 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #i32 array <: usize) >=. mk_usize 256 <: bool) in () in let result:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_dsa.Simd.Traits.v_SIMD_UNITS_IN_RING_ELEMENT (fun result temp_1_ -> let result:t_PolynomialRingElement v_SIMDUnit = result in @@ -82,7 +82,7 @@ let impl__from_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! + (i +! mk_usize 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize @@ -95,7 +95,7 @@ let impl__from_i32_array <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit) 
@@ -117,7 +117,7 @@ let impl__zero () <: v_SIMDUnit) - (sz 32) + (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit @@ -130,7 +130,7 @@ let impl__add (self rhs: t_PolynomialRingElement v_SIMDUnit) = let self:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (self.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun self temp_1_ -> let self:t_PolynomialRingElement v_SIMDUnit = self in @@ -153,7 +153,7 @@ let impl__add <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit) @@ -170,7 +170,7 @@ let impl__infinity_norm_exceeds = let result:bool = false in let result:bool = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (self.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun result temp_1_ -> let result:bool = result in @@ -198,7 +198,7 @@ let impl__subtract (self rhs: t_PolynomialRingElement v_SIMDUnit) = let self:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (self.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun self temp_1_ -> let self:t_PolynomialRingElement v_SIMDUnit = self in @@ -221,7 +221,7 @@ let impl__subtract <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit) 
@@ -235,16 +235,16 @@ let impl__to_i32_array Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (self: t_PolynomialRingElement v_SIMDUnit) = - let result:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in - let result:t_Array i32 (sz 256) = + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) in + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.Folds.fold_enumerated_slice (self.f_simd_units <: t_Slice v_SIMDUnit) (fun result temp_1_ -> - let result:t_Array i32 (sz 256) = result in + let result:t_Array i32 (mk_usize 256) = result in let _:usize = temp_1_ in true) result (fun result temp_1_ -> - let result:t_Array i32 (sz 256) = result in + let result:t_Array i32 (mk_usize 256) = result in let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_range result ({ @@ -253,7 +253,7 @@ let impl__to_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + (i +! mk_usize 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize } @@ -268,7 +268,8 @@ let impl__to_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + (i +! mk_usize 1 <: usize) *! + Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize } @@ -279,6 +280,6 @@ let impl__to_i32_array <: t_Slice i32) <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) in result diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti index 9667cb818..fe2eca25a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti 
@@ -11,7 +11,7 @@ let _ = type t_PolynomialRingElement (v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - = { f_simd_units:t_Array v_SIMDUnit (sz 32) } + = { f_simd_units:t_Array v_SIMDUnit (mk_usize 32) } [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_1 @@ -63,4 +63,4 @@ val impl__to_i32_array (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (self: t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_Array i32 (sz 256)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i32 (mk_usize 256)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst index 55181b452..575ec4e55 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst @@ -14,7 +14,7 @@ let impl_1__context (self: t_DomainSeparationContext) = self.f_context let impl_1__pre_hash_oid (self: t_DomainSeparationContext) = self.f_pre_hash_oid let t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) = - match x <: t_DomainSeparationError with | DomainSeparationError_ContextTooLongError -> isz 0 + match x <: t_DomainSeparationError with | DomainSeparationError_ContextTooLongError -> mk_isize 0 [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_2: Core.Convert.t_From Libcrux_ml_dsa.Types.t_SigningError t_DomainSeparationError = @@ -52,7 +52,7 @@ let impl_3: Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_Domai let impl: t_PreHash t_SHAKE128_PH = { f_oid_pre = (fun (_: Prims.unit) -> true); - f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (sz 11)) -> true); + f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (mk_usize 11)) -> true); f_oid = (fun (_: Prims.unit) -> v_SHAKE128_OID); f_hash_pre = 
@@ -91,7 +91,7 @@ let impl: t_PreHash t_SHAKE128_PH = if true then let _:Prims.unit = - match Core.Slice.impl__len #u8 output, sz 256 <: (usize & usize) with + match Core.Slice.impl__len #u8 output, mk_usize 256 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. right_val <: bool) in () @@ -105,7 +105,10 @@ let impl: t_PreHash t_SHAKE128_PH = output } -let impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) = +let impl_1__new + (context: t_Slice u8) + (pre_hash_oid: Core.Option.t_Option (t_Array u8 (mk_usize 11))) + = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then Core.Result.Result_Err (DomainSeparationError_ContextTooLongError <: t_DomainSeparationError) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti index 37b79c9e3..f6cfb6b99 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti @@ -13,7 +13,7 @@ let _ = /// the hash function or XOF used for pre-hashing. type t_DomainSeparationContext = { f_context:t_Slice u8; - f_pre_hash_oid:Core.Option.t_Option (t_Array u8 (sz 11)) + f_pre_hash_oid:Core.Option.t_Option (t_Array u8 (mk_usize 11)) } /// Returns the context, guaranteed to be at most 255 bytes long. @@ -22,7 +22,9 @@ val impl_1__context (self: t_DomainSeparationContext) /// Returns the pre-hash OID, if any. val impl_1__pre_hash_oid (self: t_DomainSeparationContext) - : Prims.Pure (Core.Option.t_Option (t_Array u8 (sz 11))) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (Core.Option.t_Option (t_Array u8 (mk_usize 11))) + Prims.l_True + (fun _ -> Prims.l_True) type t_DomainSeparationError = | DomainSeparationError_ContextTooLongError : t_DomainSeparationError 
@@ -31,9 +33,9 @@ val t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) class t_PreHash (v_Self: Type0) = { f_oid_pre:Prims.unit -> Type0; - f_oid_post:Prims.unit -> t_Array u8 (sz 11) -> Type0; + f_oid_post:Prims.unit -> t_Array u8 (mk_usize 11) -> Type0; f_oid:x0: Prims.unit - -> Prims.Pure (t_Array u8 (sz 11)) (f_oid_pre x0) (fun result -> f_oid_post x0 result); + -> Prims.Pure (t_Array u8 (mk_usize 11)) (f_oid_pre x0) (fun result -> f_oid_post x0 result); f_hash_pre: #v_Shake128: Type0 -> {| i1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} -> @@ -61,10 +63,15 @@ class t_PreHash (v_Self: Type0) = { /// digest length 256 bytes. type t_SHAKE128_PH = | SHAKE128_PH : t_SHAKE128_PH -let v_PRE_HASH_OID_LEN: usize = sz 11 +let v_PRE_HASH_OID_LEN: usize = mk_usize 11 -let v_SHAKE128_OID: t_Array u8 (sz 11) = - let list = [6uy; 9uy; 96uy; 134uy; 72uy; 1uy; 101uy; 3uy; 4uy; 2uy; 11uy] in +let v_SHAKE128_OID: t_Array u8 (mk_usize 11) = + let list = + [ + mk_u8 6; mk_u8 9; mk_u8 96; mk_u8 134; mk_u8 72; mk_u8 1; mk_u8 101; mk_u8 3; mk_u8 4; mk_u8 2; + mk_u8 11 + ] + in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 11); Rust_primitives.Hax.array_of_list 11 list @@ -78,7 +85,9 @@ val impl_3:Core.Convert.t_From Libcrux_ml_dsa.Types.t_VerificationError t_Domain val impl:t_PreHash t_SHAKE128_PH /// `context` must be at most 255 bytes long. -val impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) +val impl_1__new + (context: t_Slice u8) + (pre_hash_oid: Core.Option.t_Option (t_Array u8 (mk_usize 11))) : Prims.Pure (Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst index b5b5bafcc..79bf5e14b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst @@ -12,7 +12,7 @@ let _ = () let generate_domain_separator (row, column: (u8 & u8)) = - (cast (column <: u8) <: u16) |. ((cast (row <: u8) <: u16) < - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = + temp_0_ + in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -50,7 +54,7 @@ let rejection_sample_less_than_eta_equals_2_ <: t_Slice i32) in - let out:t_Array i32 (sz 263) = + let out:t_Array i32 (mk_usize 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: @@ -62,12 +66,12 @@ let rejection_sample_less_than_eta_equals_2_ if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let rejection_sample_less_than_eta_equals_4_ (#v_SIMDUnit: Type0) 
@@ -76,19 +80,23 @@ let rejection_sample_less_than_eta_equals_4_ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) + (out: t_Array i32 (mk_usize 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (mk_usize 4) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Slice.Iter.t_ChunksExact u8) - (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = + temp_0_ + in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -102,7 +110,7 @@ let rejection_sample_less_than_eta_equals_4_ <: t_Slice i32) in - let out:t_Array i32 (sz 263) = + let out:t_Array i32 (mk_usize 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: 
@@ -114,12 +122,12 @@ let rejection_sample_less_than_eta_equals_4_ if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let rejection_sample_less_than_eta (#v_SIMDUnit: Type0) 
@@ -129,30 +137,30 @@ let rejection_sample_less_than_eta (eta: Libcrux_ml_dsa.Constants.t_Eta) (randomness: t_Slice u8) (sampled: usize) - (out: t_Array i32 (sz 263)) + (out: t_Array i32 (mk_usize 263)) = - let (out, sampled), hax_temp_output:((t_Array i32 (sz 263) & usize) & bool) = + let (out, sampled), hax_temp_output:((t_Array i32 (mk_usize 263) & usize) & bool) = match eta <: Libcrux_ml_dsa.Constants.t_Eta with | Libcrux_ml_dsa.Constants.Eta_Two -> - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta_equals_2_ #v_SIMDUnit randomness sampled out in let sampled:usize = tmp0 in - let out:t_Array i32 (sz 263) = tmp1 in - (out, sampled <: (t_Array i32 (sz 263) & usize)), out1 + let out:t_Array i32 (mk_usize 263) = tmp1 in + (out, sampled <: (t_Array i32 (mk_usize 263) & usize)), out1 <: - ((t_Array i32 (sz 263) & usize) & bool) + ((t_Array i32 (mk_usize 263) & usize) & bool) | Libcrux_ml_dsa.Constants.Eta_Four -> - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta_equals_4_ #v_SIMDUnit randomness sampled out in let sampled:usize = tmp0 in - let out:t_Array i32 (sz 263) = tmp1 in - (out, sampled <: (t_Array i32 (sz 263) & usize)), out1 + let out:t_Array i32 (mk_usize 263) = tmp1 in + (out, sampled <: (t_Array i32 (mk_usize 263) & usize)), out1 <: - ((t_Array i32 (sz 263) & usize) & bool) + ((t_Array i32 (mk_usize 263) & usize) & bool) in - sampled, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let rejection_sample_less_than_field_modulus (#v_SIMDUnit: Type0) 
@@ -161,19 +169,23 @@ let rejection_sample_less_than_field_modulus Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) + (out: t_Array i32 (mk_usize 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (mk_usize 24) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Slice.Iter.t_ChunksExact u8) - (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = + temp_0_ + in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -187,7 +199,7 @@ let rejection_sample_less_than_field_modulus <: t_Slice i32) in - let out:t_Array i32 (sz 263) = + let out:t_Array i32 (mk_usize 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: 
@@ -199,26 +211,26 @@ let rejection_sample_less_than_field_modulus if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let add_domain_separator (slice: t_Slice u8) (indices: (u8 & u8)) = - let out:t_Array u8 (sz 34) = Rust_primitives.Hax.repeat 0uy (sz 34) in - let out:t_Array u8 (sz 34) = + let out:t_Array u8 (mk_usize 34) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 34) in + let out:t_Array u8 (mk_usize 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: 
@@ -230,31 +242,31 @@ let add_domain_separator (slice: t_Slice u8) (indices: (u8 & u8)) = t_Slice u8) in let domain_separator:u16 = generate_domain_separator indices in - let out:t_Array u8 (sz 34) = + let out:t_Array u8 (mk_usize 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - (sz 32) + (mk_usize 32) (cast (domain_separator <: u16) <: u8) in - let out:t_Array u8 (sz 34) = + let out:t_Array u8 (mk_usize 34) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - (sz 33) - (cast (domain_separator >>! 8l <: u16) <: u8) + (mk_usize 33) + (cast (domain_separator >>! mk_i32 8 <: u16) <: u8) in out let add_error_domain_separator (slice: t_Slice u8) (domain_separator: u16) = - let out:t_Array u8 (sz 66) = Rust_primitives.Hax.repeat 0uy (sz 66) in - let out:t_Array u8 (sz 66) = + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 66) in + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: @@ -265,15 +277,15 @@ let add_error_domain_separator (slice: t_Slice u8) (domain_separator: u16) = <: t_Slice u8) in - let out:t_Array u8 (sz 66) = + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - (sz 64) + (mk_usize 64) (cast (domain_separator <: u16) <: u8) in - let out:t_Array u8 (sz 66) = + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - (sz 65) - (cast (domain_separator >>! 8l <: u16) <: u8) + (mk_usize 65) + (cast (domain_separator >>! mk_i32 8 <: u16) <: u8) in out 
@@ -281,51 +293,53 @@ let inside_out_shuffle (randomness: t_Slice u8) (out_index: usize) (signs: u64) - (result: t_Array i32 (sz 256)) + (result: t_Array i32 (mk_usize 256)) = let done:bool = false in - let done, out_index, result, signs:(bool & usize & t_Array i32 (sz 256) & u64) = + let done, out_index, result, signs:(bool & usize & t_Array i32 (mk_usize 256) & u64) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter u8) #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #u8 randomness <: Core.Slice.Iter.t_Iter u8) <: Core.Slice.Iter.t_Iter u8) - (done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64)) + (done, out_index, result, signs <: (bool & usize & t_Array i32 (mk_usize 256) & u64)) (fun temp_0_ byte -> - let done, out_index, result, signs:(bool & usize & t_Array i32 (sz 256) & u64) = + let done, out_index, result, signs:(bool & usize & t_Array i32 (mk_usize 256) & u64) = temp_0_ in let byte:u8 = byte in if ~.done <: bool then let sample_at:usize = cast (byte <: u8) <: usize in - let out_index, result, signs:(usize & t_Array i32 (sz 256) & u64) = + let out_index, result, signs:(usize & t_Array i32 (mk_usize 256) & u64) = if sample_at <=. out_index then - let result:t_Array i32 (sz 256) = + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result out_index (result.[ sample_at ] <: i32) in - let out_index:usize = out_index +! sz 1 in - let result:t_Array i32 (sz 256) = + let out_index:usize = out_index +! mk_usize 1 in + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sample_at - (1l -! (2l *! (cast (signs &. 1uL <: u64) <: i32) <: i32) <: i32) + (mk_i32 1 -! (mk_i32 2 *! (cast (signs &. mk_u64 1 <: u64) <: i32) <: i32) + <: + i32) in - let signs:u64 = signs >>! 
1l in - out_index, result, signs <: (usize & t_Array i32 (sz 256) & u64) - else out_index, result, signs <: (usize & t_Array i32 (sz 256) & u64) + let signs:u64 = signs >>! mk_i32 1 in + out_index, result, signs <: (usize & t_Array i32 (mk_usize 256) & u64) + else out_index, result, signs <: (usize & t_Array i32 (mk_usize 256) & u64) in let done:bool = out_index =. (Core.Slice.impl__len #i32 (result <: t_Slice i32) <: usize) in - done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64) - else done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64)) + done, out_index, result, signs <: (bool & usize & t_Array i32 (mk_usize 256) & u64) + else done, out_index, result, signs <: (bool & usize & t_Array i32 (mk_usize 256) & u64)) in let hax_temp_output:bool = done in - out_index, signs, result, hax_temp_output <: (usize & u64 & t_Array i32 (sz 256) & bool) + out_index, signs, result, hax_temp_output <: (usize & u64 & t_Array i32 (mk_usize 256) & bool) let sample_challenge_ring_element (#v_SIMDUnit #v_Shake256: Type0) 
@@ -344,35 +358,38 @@ let sample_challenge_ring_element #FStar.Tactics.Typeclasses.solve seed in - let tmp0, out:(v_Shake256 & t_Array u8 (sz 136)) = + let tmp0, out:(v_Shake256 & t_Array u8 (mk_usize 136)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_first_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomness:t_Array u8 (sz 136) = out in + let randomness:t_Array u8 (mk_usize 136) = out in let signs:u64 = - Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (sz 8)) + Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (mk_usize 8)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 8)) + #(t_Array u8 (mk_usize 8)) #FStar.Tactics.Typeclasses.solve - (randomness.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + (randomness.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: - Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (mk_usize 8)) Core.Array.t_TryFromSliceError) <: - t_Array u8 (sz 8)) + t_Array u8 (mk_usize 8)) in - let result:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) in let out_index:usize = (Core.Slice.impl__len #i32 (result <: t_Slice i32) <: usize) -! number_of_ones in - let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (sz 256) & bool) = - inside_out_shuffle (randomness.[ { Core.Ops.Range.f_start = sz 8 } + let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (mk_usize 256) & bool) = + inside_out_shuffle (randomness.[ { Core.Ops.Range.f_start = mk_usize 8 } <: Core.Ops.Range.t_RangeFrom usize ] <: 
@@ -383,41 +400,41 @@ let sample_challenge_ring_element in let out_index:usize = tmp0 in let signs:u64 = tmp1 in - let result:t_Array i32 (sz 256) = tmp2 in + let result:t_Array i32 (mk_usize 256) = tmp2 in let done:bool = out in - let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256) - = + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & + v_Shake256) = Rust_primitives.f_while_loop (fun temp_0_ -> - let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = temp_0_ in ~.done <: bool) (done, out_index, result, signs, state <: - (bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256)) + (bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256)) (fun temp_0_ -> - let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = temp_0_ in - let tmp0, out:(v_Shake256 & t_Array u8 (sz 136)) = + let tmp0, out:(v_Shake256 & t_Array u8 (mk_usize 136)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_next_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomness:t_Array u8 (sz 136) = out in - let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (sz 256) & bool) = + let randomness:t_Array u8 (mk_usize 136) = out in + let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (mk_usize 256) & bool) = inside_out_shuffle (randomness <: t_Slice u8) out_index signs result in let out_index:usize = tmp0 in let signs:u64 = tmp1 in - let result:t_Array i32 (sz 256) = tmp2 in + let result:t_Array i32 (mk_usize 256) = tmp2 in let done:bool = out in done, out_index, result, signs, state <: - (bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256)) + (bool & usize & t_Array i32 
(mk_usize 256) & u64 & v_Shake256)) in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (result <: t_Slice i32) re @@ -437,10 +454,16 @@ let sample_four_error_ring_elements (start_index: u16) (re: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - let seed0:t_Array u8 (sz 66) = add_error_domain_separator seed start_index in - let seed1:t_Array u8 (sz 66) = add_error_domain_separator seed (start_index +! 1us <: u16) in - let seed2:t_Array u8 (sz 66) = add_error_domain_separator seed (start_index +! 2us <: u16) in - let seed3:t_Array u8 (sz 66) = add_error_domain_separator seed (start_index +! 3us <: u16) in + let seed0:t_Array u8 (mk_usize 66) = add_error_domain_separator seed start_index in + let seed1:t_Array u8 (mk_usize 66) = + add_error_domain_separator seed (start_index +! mk_u16 1 <: u16) + in + let seed2:t_Array u8 (mk_usize 66) = + add_error_domain_separator seed (start_index +! mk_u16 2 <: u16) + in + let seed3:t_Array u8 (mk_usize 66) = + add_error_domain_separator seed (start_index +! mk_u16 3 <: u16) + in let state:v_Shake256 = Libcrux_ml_dsa.Hash_functions.Shake256.f_init_absorb_x4 #v_Shake256 #FStar.Tactics.Typeclasses.solve 
@@ -450,76 +473,80 @@ let sample_four_error_ring_elements (seed3 <: t_Slice u8) in let tmp0, out1:(v_Shake256 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) = + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_first_block_x4 #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomnesses:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & - t_Array u8 (sz 136)) = + let randomnesses:(t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136)) = out1 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 263) <: t_Array i32 (sz 263)) - (sz 4) + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263) + <: + t_Array i32 (mk_usize 263)) + (mk_usize 4) in - let sampled0:usize = sz 0 in - let sampled1:usize = sz 0 in - let sampled2:usize = sz 0 in - let sampled3:usize = sz 0 in - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let sampled0:usize = mk_usize 0 in + let sampled1:usize = mk_usize 0 in + let sampled2:usize = mk_usize 0 in + let sampled3:usize = mk_usize 0 in + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._1 <: t_Slice u8) sampled0 - (out.[ sz 0 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 0) tmp1 in let done0:bool = out1 in 
- let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._2 <: t_Slice u8) sampled1 - (out.[ sz 1 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 1) tmp1 in let done1:bool = out1 in - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._3 <: t_Slice u8) sampled2 - (out.[ sz 2 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 2) tmp1 in let done2:bool = out1 in - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._4 <: t_Slice u8) sampled3 - (out.[ sz 3 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 3) tmp1 in let done3:bool = out1 in let done0, done1, done2, done3, out, sampled0, 
sampled1, sampled2, sampled3, state:(bool & bool & bool & bool & - t_Array (t_Array i32 (sz 263)) (sz 4) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & usize & usize & @@ -530,7 +557,7 @@ let sample_four_error_ring_elements bool & bool & bool & - t_Array (t_Array i32 (sz 263)) (sz 4) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & usize & usize & @@ -541,7 +568,9 @@ let sample_four_error_ring_elements (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool)) (done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state <: - (bool & bool & bool & bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize & usize & usize & + (bool & bool & bool & bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & + usize & + usize & usize & v_Shake256)) (fun temp_0_ -> @@ -549,7 +578,7 @@ let sample_four_error_ring_elements bool & bool & bool & - t_Array (t_Array i32 (sz 263)) (sz 4) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & usize & usize & 
@@ -558,100 +587,121 @@ let sample_four_error_ring_elements temp_0_ in let tmp0, out1:(v_Shake256 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - = + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_next_block_x4 #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomnesses:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & - t_Array u8 (sz 136)) = + let randomnesses:(t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136)) = out1 in - let done0, out, sampled0:(bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) = + let done0, out, sampled0:(bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize + ) = if ~.done0 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._1 <: t_Slice u8) sampled0 - (out.[ sz 0 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 0) tmp1 in let done0:bool = out1 in - done0, out, sampled0 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) - else done0, out, sampled0 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) + done0, out, sampled0 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) + else + done0, out, sampled0 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) in - let done1, out, sampled1:(bool & t_Array (t_Array i32 (sz 
263)) (sz 4) & usize) = + let done1, out, sampled1:(bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize + ) = if ~.done1 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._2 <: t_Slice u8) sampled1 - (out.[ sz 1 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 1) tmp1 in let done1:bool = out1 in - done1, out, sampled1 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) - else done1, out, sampled1 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) + done1, out, sampled1 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) + else + done1, out, sampled1 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) in - let done2, out, sampled2:(bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) = + let done2, out, sampled2:(bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize + ) = if ~.done2 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._3 <: t_Slice u8) sampled2 - (out.[ sz 2 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 2) tmp1 in let done2:bool = 
out1 in - done2, out, sampled2 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) - else done2, out, sampled2 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) + done2, out, sampled2 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) + else + done2, out, sampled2 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) in if ~.done3 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._4 <: t_Slice u8) sampled3 - (out.[ sz 3 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 3) tmp1 in let done3:bool = out1 in done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state <: - (bool & bool & bool & bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize & usize & + (bool & bool & bool & bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & + usize & usize & usize & v_Shake256) else done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state <: - (bool & bool & bool & bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize & usize & + (bool & bool & bool & bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & + usize & usize & usize & v_Shake256)) in - let max:usize = (cast (start_index <: u16) <: usize) +! sz 4 in + let max:usize = (cast (start_index <: u16) <: usize) +! mk_usize 4 in let max:usize = if (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) re 
@@ -675,7 +725,7 @@ let sample_four_error_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re i (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit - (out.[ i %! sz 4 <: usize ] <: t_Slice i32) + (out.[ i %! mk_usize 4 <: usize ] <: t_Slice i32) (re.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -692,18 +742,18 @@ let sample_mask_ring_element (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) - (seed: t_Array u8 (sz 66)) + (seed: t_Array u8 (mk_usize 66)) (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (gamma1_exponent: usize) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> - let out:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out:t_Array u8 (sz 576) = + | Rust_primitives.Integers.MkInt 17 -> + let out:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out:t_Array u8 (mk_usize 576) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (sz 576) + (mk_usize 576) (seed <: t_Slice u8) out in @@ -714,12 +764,12 @@ let sample_mask_ring_element result in result - | 19uy -> - let out:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let out:t_Array u8 (sz 640) = + | Rust_primitives.Integers.MkInt 19 -> + let out:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out:t_Array u8 (mk_usize 640) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (sz 640) + (mk_usize 640) (seed <: t_Slice u8) out in 
@@ -746,7 +796,7 @@ let sample_mask_vector i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (dimension gamma1_exponent: usize) - (seed: t_Array u8 (sz 64)) + (seed: t_Array u8 (mk_usize 64)) (domain_separator: u16) (mask: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = 
@@ -754,134 +804,138 @@ let sample_mask_vector if true then let _:Prims.unit = - Hax_lib.v_assert ((dimension =. sz 4 <: bool) || (dimension =. sz 5 <: bool) || - (dimension =. sz 7 <: bool)) + Hax_lib.v_assert ((dimension =. mk_usize 4 <: bool) || (dimension =. mk_usize 5 <: bool) || + (dimension =. mk_usize 7 <: bool)) in () in - let seed0:t_Array u8 (sz 66) = add_error_domain_separator (seed <: t_Slice u8) domain_separator in - let seed1:t_Array u8 (sz 66) = - add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! 1us <: u16) + let seed0:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) domain_separator + in + let seed1:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! mk_u16 1 <: u16) in - let seed2:t_Array u8 (sz 66) = - add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! 2us <: u16) + let seed2:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! mk_u16 2 <: u16) in - let seed3:t_Array u8 (sz 66) = - add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! 3us <: u16) + let seed3:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! mk_u16 3 <: u16) in - let domain_separator:u16 = domain_separator +! 4us in + let domain_separator:u16 = domain_separator +! 
mk_u16 4 in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> - let out0:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out1:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out2:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out3:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (sz 576) & t_Array u8 (sz 576) & t_Array u8 (sz 576) & - t_Array u8 (sz 576)) = + | Rust_primitives.Integers.MkInt 17 -> + let out0:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out1:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out2:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out3:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (mk_usize 576) & t_Array u8 (mk_usize 576) & + t_Array u8 (mk_usize 576) & + t_Array u8 (mk_usize 576)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256_x4 #v_Shake256X4 - #FStar.Tactics.Typeclasses.solve (sz 576) (seed0 <: t_Slice u8) (seed1 <: t_Slice u8) - (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 + #FStar.Tactics.Typeclasses.solve (mk_usize 576) (seed0 <: t_Slice u8) + (seed1 <: t_Slice u8) (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 in - let out0:t_Array u8 (sz 576) = tmp0 in - let out1:t_Array u8 (sz 576) = tmp1 in - let out2:t_Array u8 (sz 576) = tmp2 in - let out3:t_Array u8 (sz 576) = tmp3 in + let out0:t_Array u8 (mk_usize 576) = tmp0 in + let out1:t_Array u8 (mk_usize 576) = tmp1 in + let out2:t_Array u8 (mk_usize 576) = tmp2 in + let out3:t_Array u8 (mk_usize 576) = tmp3 in let _:Prims.unit = () in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 0) + (mk_usize 0) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out0 <: t_Slice u8) - (mask.[ sz 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 1) + (mk_usize 1) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out1 <: t_Slice u8) - (mask.[ sz 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 2) + (mk_usize 2) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out2 <: t_Slice u8) - (mask.[ sz 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 3) + (mk_usize 3) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out3 <: t_Slice u8) - (mask.[ sz 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in mask - | 19uy -> - let out0:t_Array u8 (sz 640) = 
Rust_primitives.Hax.repeat 0uy (sz 640) in - let out1:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let out2:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let out3:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (sz 640) & t_Array u8 (sz 640) & t_Array u8 (sz 640) & - t_Array u8 (sz 640)) = + | Rust_primitives.Integers.MkInt 19 -> + let out0:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out1:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out2:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out3:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (mk_usize 640) & t_Array u8 (mk_usize 640) & + t_Array u8 (mk_usize 640) & + t_Array u8 (mk_usize 640)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256_x4 #v_Shake256X4 - #FStar.Tactics.Typeclasses.solve (sz 640) (seed0 <: t_Slice u8) (seed1 <: t_Slice u8) - (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 + #FStar.Tactics.Typeclasses.solve (mk_usize 640) (seed0 <: t_Slice u8) + (seed1 <: t_Slice u8) (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 in - let out0:t_Array u8 (sz 640) = tmp0 in - let out1:t_Array u8 (sz 640) = tmp1 in - let out2:t_Array u8 (sz 640) = tmp2 in - let out3:t_Array u8 (sz 640) = tmp3 in + let out0:t_Array u8 (mk_usize 640) = tmp0 in + let out1:t_Array u8 (mk_usize 640) = tmp1 in + let out2:t_Array u8 (mk_usize 640) = tmp2 in + let out3:t_Array u8 (mk_usize 640) = tmp3 in let _:Prims.unit = () in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 0) + (mk_usize 0) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out0 <: t_Slice u8) - (mask.[ sz 0 ] 
<: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 1) + (mk_usize 1) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out1 <: t_Slice u8) - (mask.[ sz 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 2) + (mk_usize 2) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out2 <: t_Slice u8) - (mask.[ sz 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 3) + (mk_usize 3) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out3 <: t_Slice u8) - (mask.[ sz 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in 
@@ -890,7 +944,7 @@ let sample_mask_vector in let domain_separator, mask:(u16 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - Rust_primitives.Hax.Folds.fold_range (sz 4) + Rust_primitives.Hax.Folds.fold_range (mk_usize 4) dimension (fun temp_0_ temp_1_ -> let domain_separator, mask:(u16 & @@ -908,10 +962,10 @@ let sample_mask_vector temp_0_ in let i:usize = i in - let seed:t_Array u8 (sz 66) = + let seed:t_Array u8 (mk_usize 66) = add_error_domain_separator (seed <: t_Slice u8) domain_separator in - let domain_separator:u16 = domain_separator +! 1us in + let domain_separator:u16 = domain_separator +! mk_u16 1 in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask i 
@@ -942,31 +996,37 @@ let sample_up_to_four_ring_elements_flat (columns: usize) (seed: t_Slice u8) (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840)) - (tmp_stack: t_Slice (t_Array i32 (sz 263))) + (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (mk_usize 840)) + (tmp_stack: t_Slice (t_Array i32 (mk_usize 263))) (start_index elements_requested: usize) = let _:Prims.unit = if true then - let _:Prims.unit = Hax_lib.v_assert (elements_requested <=. sz 4 <: bool) in + let _:Prims.unit = Hax_lib.v_assert (elements_requested <=. mk_usize 4 <: bool) in () in - let seed0:t_Array u8 (sz 34) = + let seed0:t_Array u8 (mk_usize 34) = add_domain_separator seed (sample_up_to_four_ring_elements_flat__xy start_index columns <: (u8 & u8)) in - let seed1:t_Array u8 (sz 34) = + let seed1:t_Array u8 (mk_usize 34) = add_domain_separator seed - (sample_up_to_four_ring_elements_flat__xy (start_index +! sz 1 <: usize) columns <: (u8 & u8)) + (sample_up_to_four_ring_elements_flat__xy (start_index +! mk_usize 1 <: usize) columns + <: + (u8 & u8)) in - let seed2:t_Array u8 (sz 34) = + let seed2:t_Array u8 (mk_usize 34) = add_domain_separator seed - (sample_up_to_four_ring_elements_flat__xy (start_index +! sz 2 <: usize) columns <: (u8 & u8)) + (sample_up_to_four_ring_elements_flat__xy (start_index +! mk_usize 2 <: usize) columns + <: + (u8 & u8)) in - let seed3:t_Array u8 (sz 34) = + let seed3:t_Array u8 (mk_usize 34) = add_domain_separator seed - (sample_up_to_four_ring_elements_flat__xy (start_index +! sz 3 <: usize) columns <: (u8 & u8)) + (sample_up_to_four_ring_elements_flat__xy (start_index +! mk_usize 3 <: usize) columns + <: + (u8 & u8)) in let state:v_Shake128 = Libcrux_ml_dsa.Hash_functions.Shake128.f_init_absorb #v_Shake128 
@@ -976,9 +1036,10 @@ let sample_up_to_four_ring_elements_flat (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) in - let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = + let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) = Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #v_Shake128 #FStar.Tactics.Typeclasses.solve state 
@@ -988,57 +1049,57 @@ let sample_up_to_four_ring_elements_flat rand_stack3 in let state:v_Shake128 = tmp0 in - let rand_stack0:t_Array u8 (sz 840) = tmp1 in - let rand_stack1:t_Array u8 (sz 840) = tmp2 in - let rand_stack2:t_Array u8 (sz 840) = tmp3 in - let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let rand_stack0:t_Array u8 (mk_usize 840) = tmp1 in + let rand_stack1:t_Array u8 (mk_usize 840) = tmp2 in + let rand_stack2:t_Array u8 (mk_usize 840) = tmp3 in + let rand_stack3:t_Array u8 (mk_usize 840) = tmp4 in let _:Prims.unit = () in - let sampled0:usize = sz 0 in - let sampled1:usize = sz 0 in - let sampled2:usize = sz 0 in - let sampled3:usize = sz 0 in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let sampled0:usize = mk_usize 0 in + let sampled1:usize = mk_usize 0 in + let sampled2:usize = mk_usize 0 in + let sampled3:usize = mk_usize 0 in + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack0 <: t_Slice u8) sampled0 - (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 0) tmp1 in let done0:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack1 <: t_Slice u8) sampled1 - (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 + let tmp_stack:t_Slice 
(t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 1) tmp1 in let done1:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack2 <: t_Slice u8) sampled2 - (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 2) tmp1 in let done2:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack3 <: t_Slice u8) sampled3 - (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 3) tmp1 in let done3:bool = out in let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & @@ -1050,7 +1111,7 @@ let sample_up_to_four_ring_elements_flat usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) = + t_Slice (t_Array i32 (mk_usize 263))) = Rust_primitives.f_while_loop (fun temp_0_ -> let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & bool & 
@@ -1061,14 +1122,14 @@ let sample_up_to_four_ring_elements_flat usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) = + t_Slice (t_Array i32 (mk_usize 263))) = temp_0_ in (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool)) (done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack <: (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263)))) + t_Slice (t_Array i32 (mk_usize 263)))) (fun temp_0_ -> let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & bool & 
@@ -1079,97 +1140,106 @@ let sample_up_to_four_ring_elements_flat usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) = + t_Slice (t_Array i32 (mk_usize 263))) = temp_0_ in let tmp0, out:(v_Shake128 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - = + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) = Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_next_block #v_Shake128 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake128 = tmp0 in - let randomnesses:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & - t_Array u8 (sz 168)) = + let randomnesses:(t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168)) = out in - let done0, sampled0, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + let done0, sampled0, tmp_stack:(bool & usize & t_Slice (t_Array i32 (mk_usize 263))) = if ~.done0 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._1 <: t_Slice u8) sampled0 - (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 0) + tmp1 in let done0:bool = out in - done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) - else done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) + else done0, sampled0, tmp_stack <: (bool & usize & t_Slice 
(t_Array i32 (mk_usize 263))) in - let done1, sampled1, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + let done1, sampled1, tmp_stack:(bool & usize & t_Slice (t_Array i32 (mk_usize 263))) = if ~.done1 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._2 <: t_Slice u8) sampled1 - (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 1) + tmp1 in let done1:bool = out in - done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) - else done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) + else done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) in - let done2, sampled2, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + let done2, sampled2, tmp_stack:(bool & usize & t_Slice (t_Array i32 (mk_usize 263))) = if ~.done2 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._3 <: t_Slice u8) sampled2 - (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 2) + tmp1 in let done2:bool = out in - done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) - else done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) + else done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) in if ~.done3 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._4 <: t_Slice u8) sampled3 - (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 3) + tmp1 in let done3:bool = out in done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack <: (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) + t_Slice (t_Array i32 (mk_usize 263))) else done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack <: (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263)))) + t_Slice (t_Array i32 (mk_usize 263)))) in let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) elements_requested (fun matrix temp_1_ -> let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = 
@@ -1197,8 +1267,9 @@ let sample_up_to_four_ring_elements_flat in matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack <: - (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Slice (t_Array i32 (sz 263))) + (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Slice (t_Array i32 (mk_usize 263))) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti index 7991fde68..66221cec1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti @@ -21,16 +21,16 @@ val rejection_sample_less_than_eta_equals_2_ {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta_equals_4_ (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta (#v_SIMDUnit: Type0) 
@@ -38,29 +38,31 @@ val rejection_sample_less_than_eta (eta: Libcrux_ml_dsa.Constants.t_Eta) (randomness: t_Slice u8) (sampled: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_field_modulus (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val add_domain_separator (slice: t_Slice u8) (indices: (u8 & u8)) - : Prims.Pure (t_Array u8 (sz 34)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 34)) Prims.l_True (fun _ -> Prims.l_True) val add_error_domain_separator (slice: t_Slice u8) (domain_separator: u16) - : Prims.Pure (t_Array u8 (sz 66)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 66)) Prims.l_True (fun _ -> Prims.l_True) val inside_out_shuffle (randomness: t_Slice u8) (out_index: usize) (signs: u64) - (result: t_Array i32 (sz 256)) - : Prims.Pure (usize & u64 & t_Array i32 (sz 256) & bool) Prims.l_True (fun _ -> Prims.l_True) + (result: t_Array i32 (mk_usize 256)) + : Prims.Pure (usize & u64 & t_Array i32 (mk_usize 256) & bool) + Prims.l_True + (fun _ -> Prims.l_True) val sample_challenge_ring_element (#v_SIMDUnit #v_Shake256: Type0) 
@@ -89,7 +91,7 @@ val sample_mask_ring_element (#v_SIMDUnit #v_Shake256: Type0) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - (seed: t_Array u8 (sz 66)) + (seed: t_Array u8 (mk_usize 66)) (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (gamma1_exponent: usize) : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -102,7 +104,7 @@ val sample_mask_vector {| i4: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (dimension gamma1_exponent: usize) - (seed: t_Array u8 (sz 64)) + (seed: t_Array u8 (mk_usize 64)) (domain_separator: u16) (mask: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) : Prims.Pure (u16 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -123,12 +125,13 @@ val sample_up_to_four_ring_elements_flat (columns: usize) (seed: t_Slice u8) (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840)) - (tmp_stack: t_Slice (t_Array i32 (sz 263))) + (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (mk_usize 840)) + (tmp_stack: t_Slice (t_Array i32 (mk_usize 263))) (start_index elements_requested: usize) : Prims.Pure - (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True) + (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Slice (t_Array i32 (mk_usize 263))) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst index 55bb938a2..297e0afc5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst @@ -23,17 +23,17 @@ let matrix_flat (seed: t_Slice u8) (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = + let rand_stack0:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let rand_stack1:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let rand_stack2:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let rand_stack3:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let tmp_stack:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = let list = [ - Rust_primitives.Hax.repeat 0l (sz 263); - Rust_primitives.Hax.repeat 0l (sz 263); - Rust_primitives.Hax.repeat 0l (sz 263); - Rust_primitives.Hax.repeat 0l (sz 263) + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263); + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263); + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263); + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263) ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); 
@@ -41,24 +41,24 @@ let matrix_flat in let matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = - Rust_primitives.Hax.Folds.fold_range_step_by (sz 0) + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = + Rust_primitives.Hax.Folds.fold_range_step_by (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) matrix <: usize) - (sz 4) + (mk_usize 4) (fun temp_0_ temp_1_ -> let matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = temp_0_ in let _:usize = temp_1_ in 
@@ -66,30 +66,30 @@ let matrix_flat (matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack <: (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4))) + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4))) (fun temp_0_ start_index -> let matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = temp_0_ in let start_index:usize = start_index in let elements_requested:usize = if - (start_index +! sz 4 <: usize) <=. + (start_index +! mk_usize 4 <: usize) <=. (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) matrix <: usize) - then sz 4 + then mk_usize 4 else (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) matrix 
@@ -99,11 +99,11 @@ let matrix_flat in let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements_flat #v_SIMDUnit #v_Shake128 columns seed matrix rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack start_index elements_requested @@ -111,20 +111,20 @@ let matrix_flat let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = tmp0 in - let rand_stack0:t_Array u8 (sz 840) = tmp1 in - let rand_stack1:t_Array u8 (sz 840) = tmp2 in - let rand_stack2:t_Array u8 (sz 840) = tmp3 in - let rand_stack3:t_Array u8 (sz 840) = tmp4 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in + let rand_stack0:t_Array u8 (mk_usize 840) = tmp1 in + let rand_stack1:t_Array u8 (mk_usize 840) = tmp2 in + let rand_stack2:t_Array u8 (mk_usize 840) = tmp3 in + let rand_stack3:t_Array u8 (mk_usize 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = tmp5 in let _:Prims.unit = () in matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack <: (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4))) + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4))) in matrix 
@@ -144,8 +144,8 @@ let sample_s1_and_s2 Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_s2 in let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (len /! sz 4 <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (len /! mk_usize 4 <: usize) (fun s1_s2 temp_1_ -> let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = s1_s2 @@ -162,14 +162,14 @@ let sample_s1_and_s2 #v_Shake256X4 eta seed - (4us *! (cast (i <: usize) <: u16) <: u16) + (mk_u16 4 *! (cast (i <: usize) <: u16) <: u16) s1_s2 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let remainder:usize = len %! sz 4 in + let remainder:usize = len %! mk_usize 4 in let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - if remainder <>. sz 0 + if remainder <>. mk_usize 0 then let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Libcrux_ml_dsa.Sample.sample_four_error_ring_elements #v_SIMDUnit diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst index 1385acbb6..442b48277 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst @@ -45,7 +45,7 @@ let compute_hint in let hint:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 hint - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 1) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -57,7 +57,7 @@ let infinity_norm_exceeds (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.mm256_abs_epi32 simd_unit in let bound:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (bound -! 1l <: i32) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (bound -! mk_i32 1 <: i32) in let compare_with_bound:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi32 absolute_values bound @@ -65,7 +65,7 @@ let infinity_norm_exceeds (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) let result:i32 = Libcrux_intrinsics.Avx2_extract.mm256_testz_si256 compare_with_bound compare_with_bound in - result <>. 1l + result <>. mk_i32 1 let subtract (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = 
@@ -79,12 +79,12 @@ let shift_left_then_reduce (v_SHIFT_BY: i32) (simd_unit: Libcrux_intrinsics.Avx2 in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l < + | Rust_primitives.Integers.MkInt 95232 -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_ - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 11275l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 11275) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l < + | Rust_primitives.Integers.MkInt 261888 -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_ - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1025l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 1025) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l < r1 in - let alpha:i32 = gamma2 *! 2l in + let alpha:i32 = gamma2 *! mk_i32 2 in let r0_tmp:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 r1 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 alpha @@ -321,10 +321,10 @@ let decompose (gamma2: i32) (r r0 r1: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let field_modulus_halved:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! - 1l + mk_i32 1 <: i32) /! - 2l + mk_i32 2 <: i32) in 
@@ -332,7 +332,7 @@ let decompose (gamma2: i32) (r r0 r1: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 field_modulus_halved r0_tmp in let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l mask + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (mk_i32 31) mask in let field_modulus_and_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 mask @@ -366,7 +366,7 @@ let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 all_zeros hint r0 in let negate_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 1l negate_hints + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 (mk_i32 1) negate_hints in let hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 hint negate_hints @@ -377,9 +377,9 @@ let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let hint, r1_plus_hints:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) = match gamma2 <: i32 with - | 95232l -> + | Rust_primitives.Integers.MkInt 95232 -> let max:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 43l + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 43) in let r1_plus_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 r1_plus_hints max r1_plus_hints 
@@ -395,10 +395,10 @@ let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = hint, r1_plus_hints <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) - | 261888l -> + | Rust_primitives.Integers.MkInt 261888 -> let hint:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 r1_plus_hints - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 15l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 15) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst index 705c073d9..79f851d54 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst 
@@ -4,22 +4,36 @@ open Core open FStar.Mul let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 19) = Rust_primitives.Hax.repeat 0uy (sz 19) in - let out, serialized:(t_Slice u8 & t_Array u8 (sz 19)) = + let serialized:t_Array u8 (mk_usize 19) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 19) in + let out, serialized:(t_Slice u8 & t_Array u8 (mk_usize 19)) = match cast (Core.Slice.impl__len #u8 out <: usize) <: u8 with - | 4uy -> + | Rust_primitives.Integers.MkInt 4 -> let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 28) + (mk_i32 0) + (mk_i32 28) + (mk_i32 0) + (mk_i32 28) + (mk_i32 0) + (mk_i32 28) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 28l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 28) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 0) + (mk_i32 0) + (mk_i32 0) + (mk_i32 6) + (mk_i32 2) + (mk_i32 4) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -28,19 +42,20 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 240uy 240uy 240uy 240uy 240uy 240uy 240uy - 240uy 240uy 240uy 240uy 240uy 12uy 4uy 8uy 0uy + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (mk_u8 240) (mk_u8 240) (mk_u8 240) + (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) + (mk_u8 240) (mk_u8 240) (mk_u8 12) (mk_u8 4) (mk_u8 8) (mk_u8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec128) in - let serialized:t_Array u8 (sz 19) = + let serialized:t_Array u8 (mk_usize 19) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -53,55 +68,74 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in - out, serialized <: (t_Slice u8 & t_Array u8 (sz 19)) - | 6uy -> + out, serialized <: (t_Slice u8 & t_Array u8 (mk_usize 19)) + | Rust_primitives.Integers.MkInt 6 -> let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 26l 0l 26l 0l 26l 0l 26l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 26) + (mk_i32 0) + (mk_i32 26) + (mk_i32 0) + (mk_i32 26) + (mk_i32 0) + (mk_i32 26) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 26l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 26) adjacent_2_combined in let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) (mk_i8 1) (mk_i8 0) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 9) (mk_i8 8) (mk_i8 1) (mk_i8 
0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 adjacent_3_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 1s 1s 1s 1s 1s 1s 1s (1s < out, serialized <: (t_Slice u8 & t_Array u8 (sz 19)) + out, serialized <: (t_Slice u8 & t_Array u8 (mk_usize 19)) + | _ -> out, serialized <: (t_Slice u8 & t_Array u8 (mk_usize 19)) in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst index e64d2efe3..8b622f192 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst @@ -8,27 +8,36 @@ let deserialize_to_unsigned_when_eta_is_2_ (bytes: t_Slice u8) = if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 bytes <: usize) =. sz 3 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 3 <: bool) in () in let bytes_in_simd_unit:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (cast (bytes.[ sz 2 ] <: u8) <: i32) - (cast (bytes.[ sz 2 ] <: u8) <: i32) - (((cast (bytes.[ sz 2 ] <: u8) <: i32) < 2l - | Libcrux_ml_dsa.Constants.Eta_Four -> 4l + | Libcrux_ml_dsa.Constants.Eta_Two -> mk_i32 2 + | Libcrux_ml_dsa.Constants.Eta_Four -> mk_i32 4 in let out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 
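Review bot: The added wildcard arm `| _ -> out, serialized <: (t_Slice u8 & t_Array u8 (mk_usize 19))` closing the `match cast (Core.Slice.impl__len #u8 out <: usize) <: u8` in `serialize` turns a mis-sized `out` slice into a silent no-op: for any length other than 4 or 6 the buffer is returned untouched, so a wrong-sized caller gets unmodified bytes instead of a failure, and the extracted model no longer records that such a call is invalid. If the Rust source treats that case as unreachable, the extraction should say so (a `never_to_any`/panic arm, or a precondition on `Core.Slice.impl__len #u8 out` in the matching `.fsti`) so the obligation is carried by callers rather than discharged by a default that does nothing. Since this file looks hax-generated, the fix presumably belongs in the Rust source or the extraction configuration rather than here; the same shape (a wildcard returning the input unchanged) already exists in the Gamma1 `deserialize`/`serialize` dispatches later in the patch. The enclosing `serialize` definition begins in the previous hunk.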
@@ -95,7 +111,7 @@ let deserialize out let serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let serialized:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_eta_is_2___ETA 
@@ -105,31 +121,49 @@ let serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec25 in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 29l 0l 29l 0l 29l 0l 29l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 29) + (mk_i32 0) + (mk_i32 29) + (mk_i32 0) + (mk_i32 29) + (mk_i32 0) + (mk_i32 29) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 29l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 29) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 8) (mk_i8 (-1)) (mk_i8 0) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 8) (mk_i8 (-1)) + (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 0s 0s 0s 0s 0s 0s (1s < Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst index 4e1d65188..652aebc5e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst @@ -11,14 +11,14 @@ let deserialize_when_gamma1_is_2_pow_17_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 18 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 18 <: bool) in () in let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -27,8 +27,8 @@ let deserialize_when_gamma1_is_2_pow_17_ in let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 2; - Core.Ops.Range.f_end = sz 18 + Core.Ops.Range.f_start = mk_usize 2; + Core.Ops.Range.f_end = mk_usize 18 } <: Core.Ops.Range.t_Range usize ] 
@@ -40,14 +40,24 @@ let deserialize_when_gamma1_is_2_pow_17_ in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 11y - 10y 9y (-1y) 9y 8y 7y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) 4y 3y 2y (-1y) 2y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 15) (mk_i8 14) (mk_i8 13) + (mk_i8 (-1)) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) (mk_i8 7) (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) + (mk_i8 (-1)) (mk_i8 6) (mk_i8 5) (mk_i8 4) (mk_i8 (-1)) (mk_i8 4) (mk_i8 3) (mk_i8 2) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) + (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -75,14 +85,14 @@ let deserialize_when_gamma1_is_2_pow_19_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 20 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 20 <: bool) in () in let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -91,8 +101,8 @@ let deserialize_when_gamma1_is_2_pow_19_ in let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 4; - Core.Ops.Range.f_end = sz 20 + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 20 } <: Core.Ops.Range.t_Range usize ] @@ -104,14 +114,24 @@ let deserialize_when_gamma1_is_2_pow_19_ in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 10y - 9y 8y (-1y) 8y 7y 6y (-1y) 9y 8y 7y (-1y) 7y 6y 5y (-1y) 4y 3y 2y (-1y) 2y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 15) (mk_i8 14) (mk_i8 13) + (mk_i8 (-1)) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 (-1)) (mk_i8 10) (mk_i8 9) (mk_i8 8) + (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) (mk_i8 7) + (mk_i8 (-1)) (mk_i8 7) (mk_i8 6) (mk_i8 5) (mk_i8 (-1)) (mk_i8 4) (mk_i8 3) (mk_i8 2) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 4l 0l 4l 0l 4l 0l 4l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 4) + (mk_i32 0) + (mk_i32 4) + (mk_i32 0) + (mk_i32 4) + (mk_i32 0) + (mk_i32 4) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -138,8 +158,8 @@ let deserialize = let out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> deserialize_when_gamma1_is_2_pow_17_ serialized out - | 19uy -> deserialize_when_gamma1_is_2_pow_19_ serialized out + | Rust_primitives.Integers.MkInt 17 -> deserialize_when_gamma1_is_2_pow_17_ serialized out + | Rust_primitives.Integers.MkInt 19 -> deserialize_when_gamma1_is_2_pow_19_ serialized out | _ -> out in out @@ -148,7 +168,7 @@ let serialize_when_gamma1_is_2_pow_17_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_gamma1_is_2_pow_17___GAMMA1 
@@ -158,39 +178,49 @@ let serialize_when_gamma1_is_2_pow_17_ in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 14l 0l 14l 0l 14l 0l 14l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 14) + (mk_i32 0) + (mk_i32 14) + (mk_i32 0) + (mk_i32 14) + (mk_i32 0) + (mk_i32 14) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 14l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 14) adjacent_2_combined in let every_second_element:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 8l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 (mk_i32 8) adjacent_2_combined in let every_second_element_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 36l every_second_element + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 (mk_i32 36) every_second_element in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi64 adjacent_2_combined every_second_element_shifted in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi64 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 28L 0L 28L 0L + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x (mk_i64 28) + (mk_i64 0) + (mk_i64 28) + (mk_i64 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ 
Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -201,16 +231,16 @@ let serialize_when_gamma1_is_2_pow_17_ t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 25 } + ({ Core.Ops.Range.f_start = mk_usize 9; Core.Ops.Range.f_end = mk_usize 25 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 9; - Core.Ops.Range.f_end = sz 25 + Core.Ops.Range.f_start = mk_usize 9; + Core.Ops.Range.f_end = mk_usize 25 } <: Core.Ops.Range.t_Range usize ] @@ -223,7 +253,7 @@ let serialize_when_gamma1_is_2_pow_17_ let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 18 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 18 } <: Core.Ops.Range.t_Range usize ] <: 
@@ -235,7 +265,7 @@ let serialize_when_gamma1_is_2_pow_19_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_gamma1_is_2_pow_19___GAMMA1 
@@ -245,32 +275,41 @@ let serialize_when_gamma1_is_2_pow_19_ in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 12) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y - 10y 9y 8y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y 10y 9y 8y 4y 3y 2y 1y - 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 8) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) (mk_i8 11) (mk_i8 10) + (mk_i8 9) (mk_i8 8) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) 
(Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -281,16 +320,16 @@ let serialize_when_gamma1_is_2_pow_19_ t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } + ({ Core.Ops.Range.f_start = mk_usize 10; Core.Ops.Range.f_end = mk_usize 26 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 10; - Core.Ops.Range.f_end = sz 26 + Core.Ops.Range.f_start = mk_usize 10; + Core.Ops.Range.f_end = mk_usize 26 } <: Core.Ops.Range.t_Range usize ] @@ -303,7 +342,7 @@ let serialize_when_gamma1_is_2_pow_19_ let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 20 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 20 } <: Core.Ops.Range.t_Range usize ] <: @@ -318,8 +357,8 @@ let serialize = let serialized:t_Slice u8 = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized - | 19uy -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized + | Rust_primitives.Integers.MkInt 17 -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized + | Rust_primitives.Integers.MkInt 19 -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized | _ -> serialized in serialized 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti index 2eef37a40..8ddb1e3f7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti @@ -3,19 +3,19 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1 open Core open FStar.Mul -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = 1l < Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let serialized_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in - let serialized_extended:t_Array u8 (sz 16) = + let serialized_extended:t_Array u8 (mk_usize 16) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) + in + let serialized_extended:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized_extended - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 13 } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (serialized_extended.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } + (serialized_extended.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 13 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -46,15 +51,24 @@ let deserialize (serialized: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 12y 11y (-1y) 11y 10y 9y (-1y) - (-1y) 9y 8y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) (-1y) 4y 3y (-1y) 3y 2y 1y (-1y) (-1y) 1y - 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) + (mk_i8 11) (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 9) (mk_i8 8) (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 6) + (mk_i8 5) (mk_i8 4) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 4) (mk_i8 3) (mk_i8 (-1)) (mk_i8 3) + (mk_i8 2) (mk_i8 1) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 3l 6l 1l 4l 7l 2l 5l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 3) + (mk_i32 6) + (mk_i32 1) + (mk_i32 4) + (mk_i32 7) + (mk_i32 2) + (mk_i32 5) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -68,57 +82,78 @@ let deserialize (serialized: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t out let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let serialized:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) in let simd_unit:Libcrux_intrinsics.Avx2_extract.t_Vec256 = change_interval simd_unit in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 19l 0l 19l 0l 19l 0l 19l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 19) + (mk_i32 0) + (mk_i32 19) + (mk_i32 0) + (mk_i32 19) + (mk_i32 0) + (mk_i32 19) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 19l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 19) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 4l 2l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 0) + (mk_i32 0) + (mk_i32 0) + (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 6l 0l 6l 0l 6l 0l 6l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 6) + (mk_i32 0) + (mk_i32 6) + (mk_i32 0) + (mk_i32 6) + (mk_i32 0) + (mk_i32 6) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - 
Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 6l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 6) adjacent_4_combined in let second_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 8l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 (mk_i32 8) adjacent_4_combined in let least_12_bits_shifted_up:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 52l second_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 (mk_i32 52) second_4_combined in let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi64 adjacent_4_combined least_12_bits_shifted_up in let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi64 bits_sequential - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 0L 0L 12L 0L + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x (mk_i64 0) (mk_i64 0) (mk_i64 12) (mk_i64 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let bits_sequential:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 bits_sequential in - let serialized:t_Array u8 (sz 16) = + let serialized:t_Array u8 (mk_usize 16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized bits_sequential in let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 13 } <: Core.Ops.Range.t_Range usize ] <: diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti index bc8592ab5..3e4ccefee 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti @@ -6,7 +6,7 @@ open FStar.Mul val change_interval (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = (1l < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst index 71cf87a0d..31b3de391 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst 
@@ -8,46 +8,67 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 out <: usize) =. sz 10 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 out <: usize) =. mk_usize 10 <: bool) in () in - let serialized:t_Array u8 (sz 24) = Rust_primitives.Hax.repeat 0uy (sz 24) in + let serialized:t_Array u8 (mk_usize 24) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 24) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 22l 0l 22l 0l 22l 0l 22l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 22) + (mk_i32 0) + (mk_i32 22) + (mk_i32 0) + (mk_i32 22) + (mk_i32 0) + (mk_i32 22) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 22l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 22) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 6l 4l 0l 0l 2l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 0) + (mk_i32 6) + (mk_i32 4) + (mk_i32 0) + (mk_i32 0) + (mk_i32 2) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let 
adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 12) adjacent_4_combined in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (sz 24) = + let serialized:t_Array u8 (mk_usize 24) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -58,16 +79,16 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_4_combined in - let serialized:t_Array u8 (sz 24) = + let serialized:t_Array u8 (mk_usize 24) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 21 } + ({ Core.Ops.Range.f_start = mk_usize 5; Core.Ops.Range.f_end = mk_usize 21 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 5; - Core.Ops.Range.f_end = sz 21 + Core.Ops.Range.f_start = mk_usize 5; + Core.Ops.Range.f_end = mk_usize 21 } <: Core.Ops.Range.t_Range usize ] 
@@ -80,7 +101,7 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 10 } <: Core.Ops.Range.t_Range usize ] <: @@ -93,19 +114,24 @@ let deserialize (bytes: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t_Vec2 if true then let _:Prims.unit = - match Core.Slice.impl__len #u8 bytes, sz 10 <: (usize & usize) with + match Core.Slice.impl__len #u8 bytes, mk_usize 10 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let bytes_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in - let bytes_extended:t_Array u8 (sz 16) = + let bytes_extended:t_Array u8 (mk_usize 16) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) + in + let bytes_extended:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range bytes_extended - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 10 } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (bytes_extended.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + (bytes_extended.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 10 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -122,15 +148,24 @@ let deserialize (bytes: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t_Vec2 in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 bytes_loaded - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 9y 8y (-1y) (-1y) 8y 7y (-1y) - (-1y) 7y 6y (-1y) (-1y) 6y 5y (-1y) (-1y) 4y 3y (-1y) (-1y) 3y 2y (-1y) (-1y) 2y 1y (-1y) - (-1y) 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 7) + (mk_i8 6) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 6) (mk_i8 5) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 4) (mk_i8 3) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 3) (mk_i8 2) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) + (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti index e47831a31..efaa9a8af 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.T1 open Core open FStar.Mul -let deserialize__COEFFICIENT_MASK: i32 = (1l < Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst index b51dbfe26..cd5374688 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst @@ -8,10 +8,10 @@ let simd_unit_invert_ntt_at_layer_0_ (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32) = let a_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit0 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) simd_unit0 in let b_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit1 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) simd_unit1 in let lo_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a_shuffled b_shuffled @@ -50,7 +50,7 @@ let simd_unit_invert_ntt_at_layer_0_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) a_shuffled } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 @@ -59,7 +59,7 @@ let simd_unit_invert_ntt_at_layer_0_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) b_shuffled } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
@@ -69,7 +69,7 @@ let simd_unit_invert_ntt_at_layer_0_ (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) let invert_ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32) = 
@@ -77,83 +77,100 @@ let invert_ntt_at_layer_0___round Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) = simd_unit_invert_ntt_at_layer_0_ (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13 in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_ + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + (index +! 
mk_usize 1 <: usize) + lhs_1_ in let _:Prims.unit = () in re -let invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 0) 1976782l (-846154l) 1400424l 3937738l (-1362209l) - (-48306l) 3919660l (-554416l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 2) (-3545687l) 1612842l (-976891l) 183443l (-2286327l) - (-420899l) (-2235985l) (-2939036l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 4) (-3833893l) (-260646l) (-1104333l) (-1667432l) 1910376l - (-1803090l) 1723600l (-426683l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 6) 472078l 1717735l (-975884l) 2213111l 269760l 3866901l - 3523897l (-3038916l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 8) (-1799107l) (-3694233l) 1652634l 810149l 3014001l - 1616392l 162844l (-3183426l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 10) (-1207385l) 185531l 3369112l 1957272l (-164721l) - 2454455l 2432395l (-2013608l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 12) (-3776993l) 594136l (-3724270l) (-2584293l) (-1846953l) - (-1671176l) (-2831860l) (-542412l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 14) 3406031l 2235880l 777191l 1500165l (-1374803l) - (-2546312l) 1917081l (-1279661l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 16) (-1962642l) 3306115l 1312455l (-451100l) (-1430225l) - (-3318210l) 1237275l 
(-1333058l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 18) (-1050970l) 1903435l 1869119l (-2994039l) (-3548272l) - 2635921l 1250494l (-3767016l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 20) 1595974l 2486353l 1247620l 4055324l 1265009l - (-2590150l) 2691481l 2842341l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 22) 203044l 1735879l (-3342277l) 3437287l 4108315l - (-2437823l) 286988l 342297l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 24) (-3595838l) (-768622l) (-525098l) (-3556995l) 3207046l - 2031748l (-3122442l) (-655327l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 26) (-522500l) (-43260l) (-1613174l) 495491l 819034l - 909542l 1859098l 900702l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 28) (-3193378l) (-1197226l) (-3759364l) (-3520352l) - 3513181l (-1235728l) 2434439l 266997l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 30) (-3562462l) (-2446433l) 2244091l (-3342478l) 3817976l - 2316500l 3407706l 2091667l +let invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 0) (mk_i32 1976782) (mk_i32 (-846154)) + (mk_i32 1400424) (mk_i32 3937738) (mk_i32 (-1362209)) (mk_i32 (-48306)) (mk_i32 3919660) + (mk_i32 (-554416)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 2) (mk_i32 (-3545687)) (mk_i32 1612842) + (mk_i32 
(-976891)) (mk_i32 183443) (mk_i32 (-2286327)) (mk_i32 (-420899)) (mk_i32 (-2235985)) + (mk_i32 (-2939036)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 4) (mk_i32 (-3833893)) (mk_i32 (-260646)) + (mk_i32 (-1104333)) (mk_i32 (-1667432)) (mk_i32 1910376) (mk_i32 (-1803090)) (mk_i32 1723600) + (mk_i32 (-426683)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 6) (mk_i32 472078) (mk_i32 1717735) + (mk_i32 (-975884)) (mk_i32 2213111) (mk_i32 269760) (mk_i32 3866901) (mk_i32 3523897) + (mk_i32 (-3038916)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 8) (mk_i32 (-1799107)) (mk_i32 (-3694233)) + (mk_i32 1652634) (mk_i32 810149) (mk_i32 3014001) (mk_i32 1616392) (mk_i32 162844) + (mk_i32 (-3183426)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 10) (mk_i32 (-1207385)) (mk_i32 185531) + (mk_i32 3369112) (mk_i32 1957272) (mk_i32 (-164721)) (mk_i32 2454455) (mk_i32 2432395) + (mk_i32 (-2013608)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 12) (mk_i32 (-3776993)) (mk_i32 594136) + (mk_i32 (-3724270)) (mk_i32 (-2584293)) (mk_i32 (-1846953)) (mk_i32 (-1671176)) + (mk_i32 (-2831860)) (mk_i32 (-542412)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 14) (mk_i32 3406031) (mk_i32 2235880) (mk_i32 777191) + (mk_i32 1500165) (mk_i32 (-1374803)) (mk_i32 (-2546312)) (mk_i32 1917081) (mk_i32 (-1279661)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 16) (mk_i32 (-1962642)) (mk_i32 3306115) + (mk_i32 1312455) (mk_i32 
(-451100)) (mk_i32 (-1430225)) (mk_i32 (-3318210)) (mk_i32 1237275) + (mk_i32 (-1333058)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 18) (mk_i32 (-1050970)) (mk_i32 1903435) + (mk_i32 1869119) (mk_i32 (-2994039)) (mk_i32 (-3548272)) (mk_i32 2635921) (mk_i32 1250494) + (mk_i32 (-3767016)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 20) (mk_i32 1595974) (mk_i32 2486353) + (mk_i32 1247620) (mk_i32 4055324) (mk_i32 1265009) (mk_i32 (-2590150)) (mk_i32 2691481) + (mk_i32 2842341) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 22) (mk_i32 203044) (mk_i32 1735879) + (mk_i32 (-3342277)) (mk_i32 3437287) (mk_i32 4108315) (mk_i32 (-2437823)) (mk_i32 286988) + (mk_i32 342297) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 24) (mk_i32 (-3595838)) (mk_i32 (-768622)) + (mk_i32 (-525098)) (mk_i32 (-3556995)) (mk_i32 3207046) (mk_i32 2031748) (mk_i32 (-3122442)) + (mk_i32 (-655327)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 26) (mk_i32 (-522500)) (mk_i32 (-43260)) + (mk_i32 (-1613174)) (mk_i32 495491) (mk_i32 819034) (mk_i32 909542) (mk_i32 1859098) + (mk_i32 900702) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 28) (mk_i32 (-3193378)) (mk_i32 (-1197226)) + (mk_i32 (-3759364)) (mk_i32 (-3520352)) (mk_i32 3513181) (mk_i32 (-1235728)) (mk_i32 2434439) + (mk_i32 266997) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 30) (mk_i32 (-3562462)) (mk_i32 (-2446433)) + (mk_i32 2244091) (mk_i32 (-3342478)) (mk_i32 
3817976) (mk_i32 2316500) (mk_i32 3407706) + (mk_i32 2091667) in re @@ -211,7 +228,7 @@ let simd_unit_invert_ntt_at_layer_1_ (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) let invert_ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_00_ zeta_01_ zeta_10_ zeta_11_: i32) = 
@@ -219,70 +236,152 @@ let invert_ntt_at_layer_1___round Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) = simd_unit_invert_ntt_at_layer_1_ (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value zeta_00_ zeta_01_ zeta_10_ zeta_11_ in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_ + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + (index +! 
mk_usize 1 <: usize) + lhs_1_ in let _:Prims.unit = () in re -let invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 0) 3839961l (-3628969l) (-3881060l) (-3019102l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 2) (-1439742l) (-812732l) (-1584928l) 1285669l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 4) 1341330l 1315589l (-177440l) (-2409325l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 6) (-1851402l) 3159746l (-3553272l) 189548l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 8) (-1316856l) 759969l (-210977l) 2389356l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 10) (-3249728l) 1653064l (-8578l) (-3724342l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 12) 3958618l 904516l (-1100098l) 44288l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 14) 3097992l 508951l 264944l (-3343383l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 16) (-1430430l) 1852771l 1349076l (-381987l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 18) (-1308169l) (-22981l) (-1228525l) (-671102l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 20) (-2477047l) (-411027l) (-3693493l) (-2967645l) - in - let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 22) 2715295l 2147896l (-983419l) 3412210l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 24) 126922l (-3632928l) (-3157330l) (-3190144l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 26) (-1000202l) (-4083598l) 1939314l (-1257611l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 28) (-1585221l) 2176455l 3475950l (-1452451l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 30) (-3041255l) (-3677745l) (-1528703l) (-3930395l) +let invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 0) + (mk_i32 3839961) + (mk_i32 (-3628969)) + (mk_i32 (-3881060)) + (mk_i32 (-3019102)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 2) + (mk_i32 (-1439742)) + (mk_i32 (-812732)) + (mk_i32 (-1584928)) + (mk_i32 1285669) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 4) + (mk_i32 1341330) + (mk_i32 1315589) + (mk_i32 (-177440)) + (mk_i32 (-2409325)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 6) + (mk_i32 (-1851402)) + (mk_i32 3159746) + (mk_i32 (-3553272)) + (mk_i32 189548) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 8) + (mk_i32 (-1316856)) + (mk_i32 759969) + (mk_i32 (-210977)) + (mk_i32 2389356) + in + let 
re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 10) + (mk_i32 (-3249728)) + (mk_i32 1653064) + (mk_i32 (-8578)) + (mk_i32 (-3724342)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 12) + (mk_i32 3958618) + (mk_i32 904516) + (mk_i32 (-1100098)) + (mk_i32 44288) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 14) + (mk_i32 3097992) + (mk_i32 508951) + (mk_i32 264944) + (mk_i32 (-3343383)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 16) + (mk_i32 (-1430430)) + (mk_i32 1852771) + (mk_i32 1349076) + (mk_i32 (-381987)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 18) + (mk_i32 (-1308169)) + (mk_i32 (-22981)) + (mk_i32 (-1228525)) + (mk_i32 (-671102)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 20) + (mk_i32 (-2477047)) + (mk_i32 (-411027)) + (mk_i32 (-3693493)) + (mk_i32 (-2967645)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 22) + (mk_i32 2715295) + (mk_i32 2147896) + (mk_i32 (-983419)) + (mk_i32 3412210) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 24) + (mk_i32 126922) + (mk_i32 (-3632928)) + (mk_i32 (-3157330)) + (mk_i32 (-3190144)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 26) + (mk_i32 (-1000202)) + (mk_i32 (-4083598)) + (mk_i32 1939314) + (mk_i32 (-1257611)) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 28) + (mk_i32 (-1585221)) + (mk_i32 2176455) + (mk_i32 3475950) + (mk_i32 (-1452451)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 30) + (mk_i32 (-3041255)) + (mk_i32 (-3677745)) + (mk_i32 (-1528703)) + (mk_i32 (-3930395)) in re @@ -291,10 +390,10 @@ let simd_unit_invert_ntt_at_layer_2_ (zeta0 zeta1: i32) = let lo_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 32l simd_unit0 simd_unit1 + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 32) simd_unit0 simd_unit1 in let hi_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 49l simd_unit0 simd_unit1 + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 49) simd_unit0 simd_unit1 in let differences:Libcrux_intrinsics.Avx2_extract.t_Vec256 = hi_values in let differences:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -314,7 +413,7 @@ let simd_unit_invert_ntt_at_layer_2_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 32l sums differences + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 32) sums differences } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 @@ -323,7 +422,7 @@ let simd_unit_invert_ntt_at_layer_2_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 49l sums differences + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 49) sums differences } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
@@ -333,7 +432,7 @@ let simd_unit_invert_ntt_at_layer_2_ (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) let invert_ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta1 zeta2: i32) = 
@@ -341,86 +440,88 @@ let invert_ntt_at_layer_2___round Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) = simd_unit_invert_ntt_at_layer_2_ (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value zeta1 zeta2 in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_ + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + (index +! 
mk_usize 1 <: usize) + lhs_1_ in let _:Prims.unit = () in re -let invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 0) (-2797779l) 2071892l +let invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 0) (mk_i32 (-2797779)) (mk_i32 2071892) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 2) (-2556880l) 3900724l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 2) (mk_i32 (-2556880)) (mk_i32 3900724) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 4) 3881043l 954230l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 4) (mk_i32 3881043) (mk_i32 954230) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 6) 531354l 811944l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 6) (mk_i32 531354) (mk_i32 811944) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 8) 3699596l (-1600420l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 8) (mk_i32 3699596) (mk_i32 (-1600420)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 10) (-2140649l) 3507263l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + 
invert_ntt_at_layer_2___round re (mk_usize 10) (mk_i32 (-2140649)) (mk_i32 3507263) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 12) (-3821735l) 3505694l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 12) (mk_i32 (-3821735)) (mk_i32 3505694) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 14) (-1643818l) (-1699267l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 14) (mk_i32 (-1643818)) (mk_i32 (-1699267)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 16) (-539299l) 2348700l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 16) (mk_i32 (-539299)) (mk_i32 2348700) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 18) (-300467l) 3539968l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 18) (mk_i32 (-300467)) (mk_i32 3539968) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 20) (-2867647l) 3574422l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 20) (mk_i32 (-2867647)) (mk_i32 3574422) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 22) (-3043716l) (-3861115l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 22) (mk_i32 (-3043716)) (mk_i32 (-3861115)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - 
invert_ntt_at_layer_2___round re (sz 24) 3915439l (-2537516l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 24) (mk_i32 3915439) (mk_i32 (-2537516)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 26) (-3592148l) (-1661693l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 26) (mk_i32 (-3592148)) (mk_i32 (-1661693)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 28) 3530437l 3077325l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 28) (mk_i32 3530437) (mk_i32 3077325) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 30) 95776l 2706023l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 30) (mk_i32 95776) (mk_i32 2706023) in re let outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Folds.fold_range v_OFFSET (v_OFFSET +! 
v_STEP_BY <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let j:usize = j in let a_minus_b:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (re.[ j +! v_STEP_BY <: usize ] @@ -430,7 +531,7 @@ let outer_3_plus (re.[ j ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j ({ @@ -449,7 +550,7 @@ let outer_3_plus <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) ({ 
@@ -467,154 +568,154 @@ let outer_3_plus in re -let invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 1) 280005l re +let invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 1) (mk_i32 280005) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 2) (sz 1) 4010497l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 2) (mk_usize 1) (mk_i32 4010497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 4) (sz 1) (-19422l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 1) (mk_i32 (-19422)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 6) (sz 1) 1757237l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 6) (mk_usize 1) (mk_i32 1757237) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 8) (sz 1) (-3277672l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 1) (mk_i32 (-3277672)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 10) (sz 1) (-1399561l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 10) (mk_usize 1) (mk_i32 (-1399561)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 12) (sz 1) (-3859737l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) 
= + outer_3_plus (mk_usize 12) (mk_usize 1) (mk_i32 (-3859737)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 14) (sz 1) (-2118186l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 14) (mk_usize 1) (mk_i32 (-2118186)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 1) (-2108549l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 1) (mk_i32 (-2108549)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 18) (sz 1) 2619752l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 18) (mk_usize 1) (mk_i32 2619752) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 20) (sz 1) (-1119584l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 1) (mk_i32 (-1119584)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 22) (sz 1) (-549488l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 22) (mk_usize 1) (mk_i32 (-549488)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 24) (sz 1) 3585928l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 1) (mk_i32 3585928) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 26) (sz 1) (-1079900l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 26) (mk_usize 1) (mk_i32 (-1079900)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus 
(sz 28) (sz 1) 1024112l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 1) (mk_i32 1024112) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 30) (sz 1) 2725464l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 30) (mk_usize 1) (mk_i32 2725464) re in re -let invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 2) 2680103l re +let invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 2) (mk_i32 2680103) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 4) (sz 2) 3111497l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 2) (mk_i32 3111497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 8) (sz 2) (-2884855l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 2) (mk_i32 (-2884855)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 12) (sz 2) 3119733l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 2) (mk_i32 3119733) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 2) (-2091905l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 2) (mk_i32 (-2091905)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
(sz 32) = - outer_3_plus (sz 20) (sz 2) (-359251l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 2) (mk_i32 (-359251)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 24) (sz 2) 2353451l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 2) (mk_i32 2353451) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 28) (sz 2) 1826347l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 2) (mk_i32 1826347) re in re -let invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 4) 466468l re +let invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 4) (mk_i32 466468) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 8) (sz 4) (-876248l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 4) (mk_i32 (-876248)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 4) (-777960l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 4) (mk_i32 (-777960)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 24) (sz 4) 237124l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 4) (mk_i32 237124) re in re -let invert_ntt_at_layer_6_ (re: 
t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 8) (-518909l) re +let invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 8) (mk_i32 (-518909)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 8) (-2608894l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 8) (mk_i32 (-2608894)) re in re -let invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 16) 25847l re +let invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 16) (mk_i32 25847) re in re let invert_ntt_montgomery__inv_inner - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_0_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_4_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_5_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_7_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (re <: t_Slice Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let _:usize = temp_1_ in true) re (fun re i -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re i 
@@ -632,12 +733,12 @@ let invert_ntt_montgomery__inv_inner <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) <: - t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) in re -let invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = +let invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_montgomery__inv_inner re in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti index 0903ff088..284035829 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti 
@@ -3,29 +3,29 @@ module Libcrux_ml_dsa.Simd.Avx2.Invntt open Core open FStar.Mul -let invert_ntt_at_layer_3___STEP: usize = sz 8 +let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = sz 1 +let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 -let invert_ntt_at_layer_4___STEP: usize = sz 16 +let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = sz 2 +let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 -let invert_ntt_at_layer_5___STEP: usize = sz 32 +let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = sz 4 +let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 -let invert_ntt_at_layer_6___STEP: usize = sz 64 +let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = sz 8 +let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 -let invert_ntt_at_layer_7___STEP: usize = sz 128 +let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = sz 16 +let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 -let invert_ntt_montgomery__inv_inner__FACTOR: i32 = 41978l +let invert_ntt_montgomery__inv_inner__FACTOR: i32 = mk_i32 41978 -let simd_unit_invert_ntt_at_layer_0___SHUFFLE: i32 = 216l +let simd_unit_invert_ntt_at_layer_0___SHUFFLE: i32 = mk_i32 216 val simd_unit_invert_ntt_at_layer_0_ (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
@@ -35,15 +35,15 @@ val simd_unit_invert_ntt_at_layer_0_ ) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -55,15 +55,15 @@ val simd_unit_invert_ntt_at_layer_1_ ) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_00_ zeta_01_ zeta_10_ zeta_11_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -75,58 +75,58 @@ val simd_unit_invert_ntt_at_layer_2_ ) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta1 zeta2: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : 
Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_montgomery__inv_inner - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst index e57e38802..13195ddb5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst @@ -4,7 +4,7 @@ open Core open FStar.Mul let ntt_at_layer_7_and_6___mul - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta: Libcrux_intrinsics.Avx2_extract.t_Vec256) (step_by: usize) @@ -19,12 +19,12 @@ let ntt_at_layer_7_and_6___mul in let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 - 245l + (mk_i32 245) (re.[ index +! step_by <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l zeta + (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) zeta <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -47,17 +47,17 @@ let ntt_at_layer_7_and_6___mul Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13 in let res02_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) res02 in let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13 + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 (mk_i32 170) res02_shifted res13 in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! step_by <: usize) (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! step_by <: usize) ({ @@ -75,7 +75,7 @@ let ntt_at_layer_7_and_6___mul <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ 
@@ -96,18 +96,18 @@ let ntt_at_layer_7_and_6___mul re let butterfly_2_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32) = let a:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let b:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 = 
@@ -141,26 +141,26 @@ let butterfly_2_ let b_terms_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 add_terms sub_terms in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_terms_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) a_terms_shuffled <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (index +! sz 1 <: usize) + (index +! mk_usize 1 <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_terms_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) b_terms_shuffled <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } @@ -170,7 +170,7 @@ let butterfly_2_ re let butterfly_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32) = @@ -179,7 +179,7 @@ let butterfly_4_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let zeta_products:Libcrux_intrinsics.Avx2_extract.t_Vec256 = 
@@ -187,7 +187,7 @@ let butterfly_4_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -209,7 +209,7 @@ let butterfly_4_ let add_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 summands zeta_products in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ @@ -222,9 +222,9 @@ let butterfly_4_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (index +! sz 1 <: usize) + (index +! mk_usize 1 <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = @@ -238,13 +238,13 @@ let butterfly_4_ re let butterfly_8_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta0 zeta1: i32) = let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_m128i (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value <: Libcrux_intrinsics.Avx2_extract.t_Vec128) 
@@ -256,8 +256,8 @@ let butterfly_8_ Libcrux_intrinsics.Avx2_extract.t_Vec128) in let zeta_products:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 19) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value @@ -274,7 +274,7 @@ let butterfly_8_ let add_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 summands zeta_products in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ @@ -293,13 +293,13 @@ let butterfly_8_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (index +! sz 1 <: usize) + (index +! mk_usize 1 <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l sub_terms add_terms + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 19) sub_terms add_terms <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } 
@@ -308,175 +308,259 @@ let butterfly_8_ in re -let ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 0) 2091667l 3407706l 2316500l 3817976l (-3342478l) 2244091l (-2446433l) - (-3562462l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 2) 266997l 2434439l (-1235728l) 3513181l (-3520352l) (-3759364l) (-1197226l) - (-3193378l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 4) 900702l 1859098l 909542l 819034l 495491l (-1613174l) (-43260l) (-522500l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 6) (-655327l) (-3122442l) 2031748l 3207046l (-3556995l) (-525098l) - (-768622l) (-3595838l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 8) 342297l 286988l (-2437823l) 4108315l 3437287l (-3342277l) 1735879l - 203044l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 10) 2842341l 2691481l (-2590150l) 1265009l 4055324l 1247620l 2486353l - 1595974l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 12) (-3767016l) 1250494l 2635921l (-3548272l) (-2994039l) 1869119l 1903435l - (-1050970l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 14) (-1333058l) 1237275l (-3318210l) (-1430225l) (-451100l) 1312455l - 3306115l (-1962642l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 16) (-1279661l) 1917081l (-2546312l) (-1374803l) 1500165l 777191l 2235880l - 3406031l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 18) (-542412l) (-2831860l) (-1671176l) (-1846953l) (-2584293l) (-3724270l) - 594136l 
(-3776993l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 20) (-2013608l) 2432395l 2454455l (-164721l) 1957272l 3369112l 185531l - (-1207385l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 22) (-3183426l) 162844l 1616392l 3014001l 810149l 1652634l (-3694233l) - (-1799107l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 24) (-3038916l) 3523897l 3866901l 269760l 2213111l (-975884l) 1717735l - 472078l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 26) (-426683l) 1723600l (-1803090l) 1910376l (-1667432l) (-1104333l) - (-260646l) (-3833893l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 28) (-2939036l) (-2235985l) (-420899l) (-2286327l) 183443l (-976891l) - 1612842l (-3545687l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 30) (-554416l) 3919660l (-48306l) (-1362209l) 3937738l 1400424l (-846154l) - 1976782l +let ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 0) (mk_i32 2091667) (mk_i32 3407706) (mk_i32 2316500) (mk_i32 3817976) + (mk_i32 (-3342478)) (mk_i32 2244091) (mk_i32 (-2446433)) (mk_i32 (-3562462)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 2) (mk_i32 266997) (mk_i32 2434439) (mk_i32 (-1235728)) + (mk_i32 3513181) (mk_i32 (-3520352)) (mk_i32 (-3759364)) (mk_i32 (-1197226)) + (mk_i32 (-3193378)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 4) (mk_i32 900702) (mk_i32 1859098) (mk_i32 909542) (mk_i32 819034) + (mk_i32 495491) (mk_i32 (-1613174)) (mk_i32 (-43260)) 
(mk_i32 (-522500)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 6) (mk_i32 (-655327)) (mk_i32 (-3122442)) (mk_i32 2031748) + (mk_i32 3207046) (mk_i32 (-3556995)) (mk_i32 (-525098)) (mk_i32 (-768622)) (mk_i32 (-3595838)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 8) (mk_i32 342297) (mk_i32 286988) (mk_i32 (-2437823)) + (mk_i32 4108315) (mk_i32 3437287) (mk_i32 (-3342277)) (mk_i32 1735879) (mk_i32 203044) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 10) (mk_i32 2842341) (mk_i32 2691481) (mk_i32 (-2590150)) + (mk_i32 1265009) (mk_i32 4055324) (mk_i32 1247620) (mk_i32 2486353) (mk_i32 1595974) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 12) (mk_i32 (-3767016)) (mk_i32 1250494) (mk_i32 2635921) + (mk_i32 (-3548272)) (mk_i32 (-2994039)) (mk_i32 1869119) (mk_i32 1903435) (mk_i32 (-1050970)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 14) (mk_i32 (-1333058)) (mk_i32 1237275) (mk_i32 (-3318210)) + (mk_i32 (-1430225)) (mk_i32 (-451100)) (mk_i32 1312455) (mk_i32 3306115) (mk_i32 (-1962642)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 16) (mk_i32 (-1279661)) (mk_i32 1917081) (mk_i32 (-2546312)) + (mk_i32 (-1374803)) (mk_i32 1500165) (mk_i32 777191) (mk_i32 2235880) (mk_i32 3406031) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 18) (mk_i32 (-542412)) (mk_i32 (-2831860)) (mk_i32 (-1671176)) + (mk_i32 (-1846953)) (mk_i32 (-2584293)) (mk_i32 (-3724270)) (mk_i32 594136) + (mk_i32 (-3776993)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 20) (mk_i32 
(-2013608)) (mk_i32 2432395) (mk_i32 2454455) + (mk_i32 (-164721)) (mk_i32 1957272) (mk_i32 3369112) (mk_i32 185531) (mk_i32 (-1207385)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 22) (mk_i32 (-3183426)) (mk_i32 162844) (mk_i32 1616392) + (mk_i32 3014001) (mk_i32 810149) (mk_i32 1652634) (mk_i32 (-3694233)) (mk_i32 (-1799107)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 24) (mk_i32 (-3038916)) (mk_i32 3523897) (mk_i32 3866901) + (mk_i32 269760) (mk_i32 2213111) (mk_i32 (-975884)) (mk_i32 1717735) (mk_i32 472078) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 26) (mk_i32 (-426683)) (mk_i32 1723600) (mk_i32 (-1803090)) + (mk_i32 1910376) (mk_i32 (-1667432)) (mk_i32 (-1104333)) (mk_i32 (-260646)) + (mk_i32 (-3833893)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 28) (mk_i32 (-2939036)) (mk_i32 (-2235985)) (mk_i32 (-420899)) + (mk_i32 (-2286327)) (mk_i32 183443) (mk_i32 (-976891)) (mk_i32 1612842) (mk_i32 (-3545687)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 30) (mk_i32 (-554416)) (mk_i32 3919660) (mk_i32 (-48306)) + (mk_i32 (-1362209)) (mk_i32 3937738) (mk_i32 1400424) (mk_i32 (-846154)) (mk_i32 1976782) in re -let ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 0) (-3930395l) (-1528703l) (-3677745l) (-3041255l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 2) (-1452451l) 3475950l 2176455l (-1585221l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 4) (-1257611l) 1939314l (-4083598l) (-1000202l) - in 
- let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 6) (-3190144l) (-3157330l) (-3632928l) 126922l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 8) 3412210l (-983419l) 2147896l 2715295l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 10) (-2967645l) (-3693493l) (-411027l) (-2477047l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 12) (-671102l) (-1228525l) (-22981l) (-1308169l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 14) (-381987l) 1349076l 1852771l (-1430430l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 16) (-3343383l) 264944l 508951l 3097992l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 18) 44288l (-1100098l) 904516l 3958618l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 20) (-3724342l) (-8578l) 1653064l (-3249728l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 22) 2389356l (-210977l) 759969l (-1316856l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 24) 189548l (-3553272l) 3159746l (-1851402l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 26) (-2409325l) (-177440l) 1315589l 1341330l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 28) 1285669l (-1584928l) (-812732l) (-1439742l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 30) (-3019102l) (-3881060l) (-3628969l) 3839961l +let ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 0) + (mk_i32 (-3930395)) + (mk_i32 (-1528703)) + (mk_i32 (-3677745)) + (mk_i32 (-3041255)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 2) + (mk_i32 (-1452451)) + (mk_i32 3475950) + (mk_i32 2176455) + (mk_i32 (-1585221)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 4) + (mk_i32 (-1257611)) + (mk_i32 1939314) + (mk_i32 (-4083598)) + (mk_i32 (-1000202)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 6) + (mk_i32 (-3190144)) + (mk_i32 (-3157330)) + (mk_i32 (-3632928)) + (mk_i32 126922) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 8) + (mk_i32 3412210) + (mk_i32 (-983419)) + (mk_i32 2147896) + (mk_i32 2715295) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 10) + (mk_i32 (-2967645)) + (mk_i32 (-3693493)) + (mk_i32 (-411027)) + (mk_i32 (-2477047)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 12) + (mk_i32 (-671102)) + (mk_i32 (-1228525)) + (mk_i32 (-22981)) + (mk_i32 (-1308169)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 14) + (mk_i32 (-381987)) + (mk_i32 1349076) + (mk_i32 1852771) + (mk_i32 (-1430430)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 16) + (mk_i32 (-3343383)) + (mk_i32 264944) + (mk_i32 508951) + (mk_i32 3097992) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 18) + (mk_i32 44288) + (mk_i32 (-1100098)) + (mk_i32 904516) + (mk_i32 3958618) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 20) + (mk_i32 (-3724342)) + (mk_i32 (-8578)) + (mk_i32 1653064) + (mk_i32 (-3249728)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 22) + (mk_i32 2389356) + (mk_i32 (-210977)) + (mk_i32 759969) + (mk_i32 (-1316856)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 24) + (mk_i32 189548) + (mk_i32 (-3553272)) + (mk_i32 3159746) + (mk_i32 (-1851402)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 26) + (mk_i32 (-2409325)) + (mk_i32 (-177440)) + (mk_i32 1315589) + (mk_i32 1341330) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 28) + (mk_i32 1285669) + (mk_i32 (-1584928)) + (mk_i32 (-812732)) + (mk_i32 (-1439742)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 30) + (mk_i32 (-3019102)) + (mk_i32 (-3881060)) + (mk_i32 (-3628969)) + (mk_i32 3839961) in re -let ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 0) 2706023l 95776l +let ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 0) (mk_i32 2706023) (mk_i32 95776) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 2) 3077325l 3530437l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 2) (mk_i32 3077325) (mk_i32 3530437) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 4) 
(-1661693l) (-3592148l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 4) (mk_i32 (-1661693)) (mk_i32 (-3592148)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 6) (-2537516l) 3915439l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 6) (mk_i32 (-2537516)) (mk_i32 3915439) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 8) (-3861115l) (-3043716l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 8) (mk_i32 (-3861115)) (mk_i32 (-3043716)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 10) 3574422l (-2867647l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 10) (mk_i32 3574422) (mk_i32 (-2867647)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 12) 3539968l (-300467l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 12) (mk_i32 3539968) (mk_i32 (-300467)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 14) 2348700l (-539299l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 14) (mk_i32 2348700) (mk_i32 (-539299)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 16) (-1699267l) (-1643818l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 16) (mk_i32 (-1699267)) (mk_i32 (-1643818)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 18) 3505694l (-3821735l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 
32) = + butterfly_8_ re (mk_usize 18) (mk_i32 3505694) (mk_i32 (-3821735)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 20) 3507263l (-2140649l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 20) (mk_i32 3507263) (mk_i32 (-2140649)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 22) (-1600420l) 3699596l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 22) (mk_i32 (-1600420)) (mk_i32 3699596) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 24) 811944l 531354l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 24) (mk_i32 811944) (mk_i32 531354) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 26) 954230l 3881043l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 26) (mk_i32 954230) (mk_i32 3881043) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 28) 3900724l (-2556880l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 28) (mk_i32 3900724) (mk_i32 (-2556880)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 30) 2071892l (-2797779l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 30) (mk_i32 2071892) (mk_i32 (-2797779)) in re -let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = +let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 
Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS in 
@@ -488,272 +572,272 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve i32) in let zeta7:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 25847l + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 25847) in let zeta60:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-2608894l) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 (-2608894)) in let zeta61:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-518909l) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 (-518909)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0) + (mk_usize 0) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 1 <: usize) + (mk_usize 0 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 2 <: usize) + (mk_usize 0 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 3 <: usize) + (mk_usize 0 +! 
mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8) + (mk_usize 8) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8 +! sz 1 <: usize) + (mk_usize 8 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8 +! sz 2 <: usize) + (mk_usize 8 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8 +! sz 3 <: usize) + (mk_usize 8 +! mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0) + (mk_usize 0) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! 
sz 1 <: usize) + (mk_usize 0 +! mk_usize 1 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 2 <: usize) + (mk_usize 0 +! mk_usize 2 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 3 <: usize) + (mk_usize 0 +! mk_usize 3 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16) + (mk_usize 16) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16 +! sz 1 <: usize) + (mk_usize 16 +! mk_usize 1 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16 +! sz 2 <: usize) + (mk_usize 16 +! 
mk_usize 2 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16 +! sz 3 <: usize) + (mk_usize 16 +! mk_usize 3 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4) + (mk_usize 4) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 1 <: usize) + (mk_usize 4 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 2 <: usize) + (mk_usize 4 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 3 <: usize) + (mk_usize 4 +! 
mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12) + (mk_usize 12) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12 +! sz 1 <: usize) + (mk_usize 12 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12 +! sz 2 <: usize) + (mk_usize 12 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12 +! sz 3 <: usize) + (mk_usize 12 +! mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4) + (mk_usize 4) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! 
sz 1 <: usize) + (mk_usize 4 +! mk_usize 1 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 2 <: usize) + (mk_usize 4 +! mk_usize 2 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 3 <: usize) + (mk_usize 4 +! mk_usize 3 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20) + (mk_usize 20) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20 +! sz 1 <: usize) + (mk_usize 20 +! mk_usize 1 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20 +! sz 2 <: usize) + (mk_usize 20 +! 
mk_usize 2 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20 +! sz 3 <: usize) + (mk_usize 20 +! mk_usize 3 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus @@ -764,7 +848,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve let ntt_at_layer_5_to_3___round (v_STEP v_STEP_BY: usize) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta: i32) = @@ -772,21 +856,21 @@ let ntt_at_layer_5_to_3___round Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 zeta in let offset:usize = - ((index *! v_STEP <: usize) *! sz 2 <: usize) /! + ((index *! v_STEP <: usize) *! mk_usize 2 <: usize) /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Folds.fold_range offset (offset +! v_STEP_BY <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let j:usize = j in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) ({ 
@@ -814,7 +898,7 @@ let ntt_at_layer_5_to_3___round (re.[ j +! v_STEP_BY <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j ({ @@ -833,7 +917,7 @@ let ntt_at_layer_5_to_3___round <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = tmp } 
@@ -844,105 +928,109 @@ let ntt_at_layer_5_to_3___round in re -let ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 0) 237124l +let ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 0) (mk_i32 237124) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 1) (-777960l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 1) (mk_i32 (-777960)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 2) (-876248l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 2) (mk_i32 (-876248)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 3) 466468l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 3) (mk_i32 466468) in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 0) 1826347l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 0) (mk_i32 1826347) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 1) 2353451l + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 1) (mk_i32 2353451) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 2) (-359251l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 2) (mk_i32 (-359251)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 3) (-2091905l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 3) (mk_i32 (-2091905)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 4) 3119733l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 4) (mk_i32 3119733) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 5) (-2884855l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 5) (mk_i32 (-2884855)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 6) 3111497l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 6) (mk_i32 3111497) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 7) 2680103l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re 
(mk_usize 7) (mk_i32 2680103) in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 0) 2725464l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 0) (mk_i32 2725464) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 1) 1024112l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 1) (mk_i32 1024112) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 2) (-1079900l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 2) (mk_i32 (-1079900)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 3) 3585928l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 3) (mk_i32 3585928) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 4) (-549488l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 4) (mk_i32 (-549488)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 5) (-1119584l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 5) (mk_i32 (-1119584)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - 
ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 6) 2619752l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 6) (mk_i32 2619752) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 7) (-2108549l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 7) (mk_i32 (-2108549)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 8) (-2118186l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 8) (mk_i32 (-2118186)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 9) (-3859737l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 9) (mk_i32 (-3859737)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 10) (-1399561l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 10) (mk_i32 (-1399561)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 11) (-3277672l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 11) (mk_i32 (-3277672)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 12) 1757237l + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 12) (mk_i32 1757237) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 13) (-19422l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 13) (mk_i32 (-19422)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 14) 4010497l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 14) (mk_i32 4010497) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 15) 280005l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 15) (mk_i32 280005) in let _:Prims.unit = () in let _:Prims.unit = () <: Prims.unit in re -let ntt__avx2_ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_7_and_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_5_to_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_0_ re in +let ntt__avx2_ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_7_and_6_ re + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
(mk_usize 32) = + ntt_at_layer_5_to_3_ re + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_2_ re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_1_ re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_0_ re in re -let ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt__avx2_ntt re in +let ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt__avx2_ntt re in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti index 02c44d807..f16dbd4d8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti @@ -3,21 +3,21 @@ module Libcrux_ml_dsa.Simd.Avx2.Ntt open Core open FStar.Mul -let butterfly_2___SHUFFLE: i32 = 216l +let butterfly_2___SHUFFLE: i32 = mk_i32 216 -let ntt_at_layer_5_to_3___STEP: usize = sz 1 < Prims.l_True) 
@@ -31,81 +31,81 @@ let ntt_at_layer_5_to_3___STEP_BY_2: usize = ntt_at_layer_5_to_3___STEP_2 /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT let ntt_at_layer_7_and_6___STEP_BY_6_: usize = - (sz 1 < Prims.l_True) val butterfly_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val butterfly_8_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta0 zeta1: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_2_ 
(re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// This is equivalent to the pqclean 0 and 1 /// This does 32 Montgomery multiplications (192 multiplications). /// This is the same as in pqclean. The only difference is locality of registers. -val ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val ntt_at_layer_5_to_3___round (v_STEP v_STEP_BY: usize) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Layer 5, 4, 3 /// Each layer does 16 Montgomery multiplications -> 3*16 = 48 total /// pqclean does 4 * 4 on each layer -> 48 total | plus 4 * 4 shuffles every time (48) -val ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt__avx2_ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt__avx2_ntt (re: t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst index ad5c4fcc5..cbdcfe0f0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst @@ -5,19 +5,19 @@ open FStar.Mul let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) = match cast (v_ETA <: usize) <: u8 with - | 2uy -> + | Rust_primitives.Integers.MkInt 2 -> let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 26l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 26) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 7l quotient + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (mk_i32 7) quotient in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 quotient - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 5l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 5) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -29,7 +29,7 @@ let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract <: Libcrux_intrinsics.Avx2_extract.t_Vec256) coefficients_mod_5_ - | 4uy -> + | Rust_primitives.Integers.MkInt 4 -> Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (v_ETA <: usize) <: i32) <: @@ -50,8 +50,8 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = in let (interval_boundary: i32):i32 = match cast (v_ETA <: usize) <: u8 with - | 2uy -> 15l - | 4uy -> 9l + | Rust_primitives.Integers.MkInt 2 -> mk_i32 15 + | Rust_primitives.Integers.MkInt 4 -> mk_i32 9 | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -71,12 +71,12 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = <: u8) in - let good_lower_half:i32 = good &. 15l in - let good_upper_half:i32 = good >>! 4l in + let good_lower_half:i32 = good &. mk_i32 15 in + let good_upper_half:i32 = good >>! mk_i32 4 in let shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = shift_interval v_ETA potential_coefficients in - let lower_shuffles:t_Array u8 (sz 16) = + let lower_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_lower_half <: i32) @@ -94,12 +94,12 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = in let output:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 4 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] 
@@ -110,7 +110,7 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = t_Slice i32) in let sampled_count:usize = cast (Core.Num.impl__i32__count_ones good_lower_half <: u32) <: usize in - let upper_shuffles:t_Array u8 (sz 16) = + let upper_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_upper_half <: i32) @@ -121,7 +121,7 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l shifted + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) shifted in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles @@ -130,13 +130,13 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst index f3d66cf87..099c9b2ad 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst @@ -8,18 +8,21 @@ let bytestream_to_potential_coefficients (serialized: t_Slice u8) = if true then let _:Prims.unit = - match Core.Slice.impl__len #u8 serialized, sz 24 <: (usize & usize) with + match Core.Slice.impl__len #u8 serialized, mk_usize 24 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let serialized_extended:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let serialized_extended:t_Array u8 (sz 32) = + let serialized_extended:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in + let serialized_extended:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_to serialized_extended - ({ Core.Ops.Range.f_end = sz 24 } <: Core.Ops.Range.t_RangeTo usize) + ({ Core.Ops.Range.f_end = mk_usize 24 } <: Core.Ops.Range.t_RangeTo usize) (Core.Slice.impl__copy_from_slice #u8 - (serialized_extended.[ { Core.Ops.Range.f_end = sz 24 } <: Core.Ops.Range.t_RangeTo usize - ] + (serialized_extended.[ { Core.Ops.Range.f_end = mk_usize 24 } + <: + Core.Ops.Range.t_RangeTo usize ] <: t_Slice u8) serialized 
@@ -31,14 +34,24 @@ let bytestream_to_potential_coefficients (serialized: t_Slice u8) = in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 5l 4l 3l 0l 2l 1l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 5) + (mk_i32 4) + (mk_i32 3) + (mk_i32 0) + (mk_i32 2) + (mk_i32 1) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y - (-1y) 2y 1y 0y (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y (-1y) 2y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 5) (mk_i8 4) (mk_i8 3) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 5) (mk_i8 4) (mk_i8 3) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -64,9 +77,9 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = <: u8) in - let good_lower_half:i32 = good &. 15l in - let good_upper_half:i32 = good >>! 4l in - let lower_shuffles:t_Array u8 (sz 16) = + let good_lower_half:i32 = good &. mk_i32 15 in + let good_upper_half:i32 = good >>! mk_i32 4 in + let lower_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_lower_half <: i32) 
@@ -84,12 +97,12 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = in let output:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 4 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] @@ -100,7 +113,7 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = t_Slice i32) in let sampled_count:usize = cast (Core.Num.impl__i32__count_ones good_lower_half <: u32) <: usize in - let upper_shuffles:t_Array u8 (sz 16) = + let upper_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_upper_half <: i32) @@ -111,7 +124,7 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) potential_coefficients in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles 
@@ -120,13 +133,13 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti index 8d297cab8..9a10d3fd0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti @@ -3,7 +3,8 @@ module Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus open Core open FStar.Mul -let bytestream_to_potential_coefficients__COEFFICIENT_MASK: i32 = (1l < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst index 97a40a5a5..d181d1c8a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst 
@@ -4,103 +4,111 @@ open Core open FStar.Mul let is_bit_set (number: usize) (bit_position: u8) = - ((number &. (sz 1 <>! bit_position <: usize) =. sz 1 + ((number &. (mk_usize 1 <>! bit_position <: usize) =. + mk_usize 1 let generate_shuffle_table (_: Prims.unit) = - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 255uy (sz 16) <: t_Array u8 (sz 16)) - (sz 16) + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_u8 255) (mk_usize 16) + <: + t_Array u8 (mk_usize 16)) + (mk_usize 16) in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 1 < - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = byte_shuffles in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = byte_shuffles in let _:usize = temp_1_ in true) byte_shuffles (fun byte_shuffles bit_pattern -> - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = byte_shuffles in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = byte_shuffles in let bit_pattern:usize = bit_pattern in - let byte_shuffles_index:usize = sz 0 in - let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & usize) = - Rust_primitives.Hax.Folds.fold_range 0uy - 4uy + let byte_shuffles_index:usize = mk_usize 0 in + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) & + usize) = + Rust_primitives.Hax.Folds.fold_range (mk_u8 0) + (mk_u8 4) (fun temp_0_ temp_1_ -> - let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (mk_usize 16)) + (mk_usize 16) & usize) = temp_0_ in let _:u8 = temp_1_ in true) - (byte_shuffles, byte_shuffles_index <: (t_Array (t_Array u8 (sz 16)) (sz 16) & usize)) + (byte_shuffles, byte_shuffles_index + <: + (t_Array (t_Array u8 
(mk_usize 16)) (mk_usize 16) & usize)) (fun temp_0_ bit_position -> - let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (mk_usize 16)) + (mk_usize 16) & usize) = temp_0_ in let bit_position:u8 = bit_position in if is_bit_set bit_pattern bit_position <: bool then - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - (bit_position *! 4uy <: u8) + (bit_position *! mk_u8 4 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! mk_usize 1 in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - ((bit_position *! 4uy <: u8) +! 1uy <: u8) + ((bit_position *! mk_u8 4 <: u8) +! mk_u8 1 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! 
mk_usize 1 in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - ((bit_position *! 4uy <: u8) +! 2uy <: u8) + ((bit_position *! mk_u8 4 <: u8) +! mk_u8 2 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! mk_usize 1 in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - ((bit_position *! 4uy <: u8) +! 3uy <: u8) + ((bit_position *! mk_u8 4 <: u8) +! mk_u8 3 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in + let byte_shuffles_index:usize = byte_shuffles_index +! mk_usize 1 in byte_shuffles, byte_shuffles_index <: - (t_Array (t_Array u8 (sz 16)) (sz 16) & usize) + (t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) & usize) else byte_shuffles, byte_shuffles_index <: - (t_Array (t_Array u8 (sz 16)) (sz 16) & usize)) + (t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) & usize)) in byte_shuffles) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti index 9586d3a7b..5d3b877f3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti 
@@ -3,128 +3,134 @@ module Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table open Core open FStar.Mul -let v_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 16) = +let v_SHUFFLE_TABLE: t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = let list = [ (let list = [ - 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy; 255uy + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 
255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 
255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 
255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list @@ -137,4 +143,6 @@ val is_bit_set (number: usize) (bit_position: u8) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) val generate_shuffle_table: Prims.unit - -> Prims.Pure (t_Array (t_Array u8 (sz 16)) (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst index d92dc0ac9..bc75388f5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst @@ -390,7 +390,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 2) randomness out + Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (mk_usize 2) randomness out in let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in 
@@ -405,7 +405,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 4) randomness out + Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (mk_usize 4) randomness out in let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in 
@@ -660,35 +660,35 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto out); f_ntt_pre = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> true); + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_ntt_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_ntt = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Libcrux_ml_dsa.Simd.Avx2.Ntt.ntt simd_units in simd_units); f_invert_ntt_montgomery_pre = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> true); + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_invert_ntt_montgomery_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_invert_ntt_montgomery = - fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
(mk_usize 32) = Libcrux_ml_dsa.Simd.Avx2.Invntt.invert_ntt_montgomery simd_units in simd_units diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst index 1564e438b..bd32175ed 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst @@ -6,14 +6,15 @@ open FStar.Mul let compute_one_hint (low high gamma2: i32) = if low >. gamma2 || low <. (Core.Ops.Arith.Neg.neg gamma2 <: i32) || - low =. (Core.Ops.Arith.Neg.neg gamma2 <: i32) && high <>. 0l - then 1l - else 0l + low =. (Core.Ops.Arith.Neg.neg gamma2 <: i32) && high <>. mk_i32 0 + then mk_i32 1 + else mk_i32 0 -let get_n_least_significant_bits (n: u8) (value: u64) = value &. ((1uL <>! 23l in + let quotient:i32 = (fe +! (mk_i32 1 <>! mk_i32 23 in fe -! (quotient *! Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) let montgomery_reduce_element (value: i64) = 
@@ -45,32 +46,38 @@ let decompose_element (gamma2 r: i32) = in () in - let r:i32 = r +! ((r >>! 31l <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) in - let ceil_of_r_by_128_:i32 = (r +! 127l <: i32) >>! 7l in + let r:i32 = + r +! ((r >>! mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + in + let ceil_of_r_by_128_:i32 = (r +! mk_i32 127 <: i32) >>! mk_i32 7 in let r1:i32 = match gamma2 <: i32 with - | 95232l -> + | Rust_primitives.Integers.MkInt 95232 -> let result:i32 = - ((ceil_of_r_by_128_ *! 11275l <: i32) +! (1l <>! 24l + ((ceil_of_r_by_128_ *! mk_i32 11275 <: i32) +! (mk_i32 1 <>! + mk_i32 24 in - (result ^. ((43l -! result <: i32) >>! 31l <: i32) <: i32) &. result - | 261888l -> + (result ^. ((mk_i32 43 -! result <: i32) >>! mk_i32 31 <: i32) <: i32) &. result + | Rust_primitives.Integers.MkInt 261888 -> let result:i32 = - ((ceil_of_r_by_128_ *! 1025l <: i32) +! (1l <>! 22l + ((ceil_of_r_by_128_ *! mk_i32 1025 <: i32) +! (mk_i32 1 <>! + mk_i32 22 in - result &. 15l + result &. mk_i32 15 | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" <: Rust_primitives.Hax.t_Never) in - let alpha:i32 = gamma2 *! 2l in + let alpha:i32 = gamma2 *! mk_i32 2 in let r0:i32 = r -! (r1 *! alpha <: i32) in let r0:i32 = r0 -! - (((((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! 1l <: i32) /! 2l <: i32) -! r0 <: i32) >>! - 31l + (((((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 2 <: i32) -! r0 + <: + i32) >>! + mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS @@ -92,10 +99,14 @@ let power2round_element (t: i32) = in () in - let t:i32 = t +! ((t >>! 31l <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) in + let t:i32 = + t +! ((t >>! mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + in let t1:i32 = - ((t -! 1l <: i32) +! - (1l <>! Libcrux_ml_dsa.Constants.v_BITS_IN_LOWER_PART_OF_T 
@@ -105,15 +116,16 @@ let power2round_element (t: i32) = let use_one_hint (gamma2 r hint: i32) = let r0, r1:(i32 & i32) = decompose_element gamma2 r in - if hint =. 0l + if hint =. mk_i32 0 then r1 else match gamma2 <: i32 with - | 95232l -> - if r0 >. 0l - then if r1 =. 43l then 0l else r1 +! hint - else if r1 =. 0l then 43l else r1 -! hint - | 261888l -> if r0 >. 0l then (r1 +! hint <: i32) &. 15l else (r1 -! hint <: i32) &. 15l + | Rust_primitives.Integers.MkInt 95232 -> + if r0 >. mk_i32 0 + then if r1 =. mk_i32 43 then mk_i32 0 else r1 +! hint + else if r1 =. mk_i32 0 then mk_i32 43 else r1 -! hint + | Rust_primitives.Integers.MkInt 261888 -> + if r0 >. mk_i32 0 then (r1 +! hint <: i32) &. mk_i32 15 else (r1 -! hint <: i32) &. mk_i32 15 | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -122,7 +134,7 @@ let use_one_hint (gamma2 r hint: i32) = let add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let lhs:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -147,7 +159,7 @@ let add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -159,9 +171,9 @@ let compute_hint (gamma2: i32) (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = - let one_hints_count:usize = sz 0 in + let one_hints_count:usize = mk_usize 0 in let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: 
@@ -215,7 +227,7 @@ let decompose = let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (low.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -283,7 +295,7 @@ let infinity_norm_exceeds = let result:bool = false in let result:bool = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -309,8 +321,8 @@ let infinity_norm_exceeds in () in - let sign:i32 = coefficient >>! 31l in - let normalized:i32 = coefficient -! (sign &. (2l *! coefficient <: i32) <: i32) in + let sign:i32 = coefficient >>! mk_i32 31 in + let normalized:i32 = coefficient -! (sign &. (mk_i32 2 *! coefficient <: i32) <: i32) in let result:bool = result || normalized >=. bound in result) in @@ -318,7 +330,7 @@ let infinity_norm_exceeds let montgomery_multiply (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let lhs:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -352,7 +364,7 @@ let montgomery_multiply (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coe <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) 
@@ -364,7 +376,7 @@ let montgomery_multiply_by_constant (c: i32) = let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -396,7 +408,7 @@ let montgomery_multiply_by_constant <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -406,7 +418,7 @@ let montgomery_multiply_by_constant let power2round (t0 t1: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let t0, t1:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (t0.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -472,7 +484,7 @@ let shift_left_then_reduce (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -501,7 +513,7 @@ let shift_left_then_reduce <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -510,7 +522,7 @@ let shift_left_then_reduce let subtract (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let lhs:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: 
@@ -535,7 +547,7 @@ let subtract (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -544,7 +556,7 @@ let subtract (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -570,7 +582,7 @@ let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_ <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti index afb9b56a4..6dd3fb321 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Portable.Arithmetic open Core open FStar.Mul -let v_MONTGOMERY_SHIFT: u8 = 32uy +let v_MONTGOMERY_SHIFT: u8 = mk_u8 32 val compute_one_hint (low high gamma2: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst index ad1e8b82e..943dded63 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst 
@@ -9,9 +9,9 @@ let serialize = let serialized:t_Slice u8 = match cast (Core.Slice.impl__len #u8 serialized <: usize) <: u8 with - | 4uy -> + | Rust_primitives.Integers.MkInt 4 -> let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 2) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in @@ -21,19 +21,19 @@ let serialize (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in - let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in + let coefficient0:u8 = cast (coefficients.[ mk_usize 0 ] <: i32) <: u8 in + let coefficient1:u8 = cast (coefficients.[ mk_usize 1 ] <: i32) <: u8 in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized i - ((coefficient1 < + | Rust_primitives.Integers.MkInt 6 -> let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 4) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -43,24 +43,24 @@ let serialize (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in - let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in - let coefficient2:u8 = cast (coefficients.[ sz 2 ] <: i32) <: u8 in - let coefficient3:u8 = cast (coefficients.[ sz 3 ] <: i32) <: u8 in + let coefficient0:u8 = cast (coefficients.[ mk_usize 0 ] <: i32) <: u8 in + let coefficient1:u8 = cast (coefficients.[ mk_usize 1 ] <: i32) <: u8 in + let coefficient2:u8 = cast (coefficients.[ mk_usize 2 ] <: i32) <: u8 in + let coefficient3:u8 = cast (coefficients.[ mk_usize 3 ] <: i32) <: u8 in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 3 *! i <: usize) - ((coefficient1 <>! 2l <: u8) <: u8) + ((mk_usize 3 *! i <: usize) +! mk_usize 1 <: usize) + ((coefficient2 <>! mk_i32 2 <: u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 3 *! i <: usize) +! sz 2 <: usize) - ((coefficient3 <>! 4l <: u8) <: u8) + ((mk_usize 3 *! i <: usize) +! mk_usize 2 <: usize) + ((coefficient3 <>! mk_i32 4 <: u8) <: u8) in serialized) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst index d950169bc..87e733aaa 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst 
@@ -11,13 +11,13 @@ let deserialize_when_eta_is_2_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 3 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 3 <: bool) in () in - let byte0:i32 = cast (serialized.[ sz 0 ] <: u8) <: i32 in - let byte1:i32 = cast (serialized.[ sz 1 ] <: u8) <: i32 in - let byte2:i32 = cast (serialized.[ sz 2 ] <: u8) <: i32 in + let byte0:i32 = cast (serialized.[ mk_usize 0 ] <: u8) <: i32 in + let byte1:i32 = cast (serialized.[ mk_usize 1 ] <: u8) <: i32 in + let byte2:i32 = cast (serialized.[ mk_usize 2 ] <: u8) <: i32 in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { simd_unit with @@ -25,8 +25,8 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - (deserialize_when_eta_is_2___ETA -! (byte0 &. 7l <: i32) <: i32) + (mk_usize 0) + (deserialize_when_eta_is_2___ETA -! (byte0 &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -38,8 +38,8 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - (deserialize_when_eta_is_2___ETA -! ((byte0 >>! 3l <: i32) &. 7l <: i32) <: i32) + (mk_usize 1) + (deserialize_when_eta_is_2___ETA -! ((byte0 >>! mk_i32 3 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -51,9 +51,9 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) + (mk_usize 2) (deserialize_when_eta_is_2___ETA -! - (((byte0 >>! 6l <: i32) |. (byte1 <>! mk_i32 6 <: i32) |. (byte1 <>! 1l <: i32) &. 7l <: i32) <: i32) + (mk_usize 3) + (deserialize_when_eta_is_2___ETA -! ((byte1 >>! mk_i32 1 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -80,8 +80,8 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - (deserialize_when_eta_is_2___ETA -! ((byte1 >>! 4l <: i32) &. 7l <: i32) <: i32) + (mk_usize 4) + (deserialize_when_eta_is_2___ETA -! ((byte1 >>! mk_i32 4 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -93,9 +93,9 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) + (mk_usize 5) (deserialize_when_eta_is_2___ETA -! - (((byte1 >>! 7l <: i32) |. (byte2 <>! mk_i32 7 <: i32) |. (byte2 <>! 2l <: i32) &. 7l <: i32) <: i32) + (mk_usize 6) + (deserialize_when_eta_is_2___ETA -! ((byte2 >>! mk_i32 2 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -122,8 +122,8 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - (deserialize_when_eta_is_2___ETA -! ((byte2 >>! 5l <: i32) &. 7l <: i32) <: i32) + (mk_usize 7) + (deserialize_when_eta_is_2___ETA -! ((byte2 >>! mk_i32 5 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -138,7 +138,7 @@ let deserialize_when_eta_is_4_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 4 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 4 <: bool) in () in @@ -159,8 +159,8 @@ let deserialize_when_eta_is_4_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2 *! i <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte &. 15uy <: u8) <: i32) <: i32) + (mk_usize 2 *! i <: usize) + (deserialize_when_eta_is_4___ETA -! (cast (byte &. mk_u8 15 <: u8) <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -172,8 +172,8 @@ let deserialize_when_eta_is_4_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - ((sz 2 *! i <: usize) +! sz 1 <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte >>! 4l <: u8) <: i32) <: i32) + ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) + (deserialize_when_eta_is_4___ETA -! (cast (byte >>! mk_i32 4 <: u8) <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -202,13 +202,13 @@ let serialize_when_eta_is_2_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 3 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 3 <: bool) in () in let coefficient0:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) <: i32) <: 
@@ -216,7 +216,7 @@ let serialize_when_eta_is_2_ in let coefficient1:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) <: i32) <: @@ -224,7 +224,7 @@ let serialize_when_eta_is_2_ in let coefficient2:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) <: i32) <: @@ -232,7 +232,7 @@ let serialize_when_eta_is_2_ in let coefficient3:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) <: i32) <: @@ -240,7 +240,7 @@ let serialize_when_eta_is_2_ in let coefficient4:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) <: i32) <: @@ -248,7 +248,7 @@ let serialize_when_eta_is_2_ in let coefficient5:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) <: i32) <: @@ -256,7 +256,7 @@ let serialize_when_eta_is_2_ in let coefficient6:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) <: i32) <: 
@@ -264,7 +264,7 @@ let serialize_when_eta_is_2_ in let coefficient7:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) <: i32) <: @@ -272,25 +272,28 @@ let serialize_when_eta_is_2_ in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 0) - (((coefficient2 <>! 2l <: u8) + (coefficient2 >>! mk_i32 2 <: u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 2) - (((coefficient7 <>! 1l <: u8) + (mk_usize 2) + (((coefficient7 <>! mk_i32 1 <: u8) <: u8) in @@ -301,7 +304,7 @@ let serialize_when_eta_is_4_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 2) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in @@ -312,15 +315,19 @@ let serialize_when_eta_is_4_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ sz 0 ] <: i32) <: i32) <: u8 + cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 0 ] <: i32) <: i32) + <: + u8 in let coefficient1:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ sz 1 ] <: i32) <: i32) <: u8 + cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 1 ] <: i32) <: i32) + <: + u8 in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized i - ((coefficient1 < let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in 
@@ -26,42 +26,42 @@ let deserialize_when_gamma1_is_2_pow_17_ (fun simd_unit temp_1_ -> let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let coefficient0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in let coefficient0:i32 = - coefficient0 |. ((cast (bytes.[ sz 1 ] <: u8) <: i32) <>! 2l in + let coefficient1:i32 = (cast (bytes.[ mk_usize 2 ] <: u8) <: i32) >>! mk_i32 2 in let coefficient1:i32 = - coefficient1 |. ((cast (bytes.[ sz 3 ] <: u8) <: i32) <>! 4l in + let coefficient2:i32 = (cast (bytes.[ mk_usize 4 ] <: u8) <: i32) >>! mk_i32 4 in let coefficient2:i32 = - coefficient2 |. ((cast (bytes.[ sz 5 ] <: u8) <: i32) <>! 6l in + let coefficient3:i32 = (cast (bytes.[ mk_usize 6 ] <: u8) <: i32) >>! mk_i32 6 in let coefficient3:i32 = - coefficient3 |. ((cast (bytes.[ sz 7 ] <: u8) <: i32) < let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in @@ -145,22 +145,22 @@ let deserialize_when_gamma1_is_2_pow_19_ (fun simd_unit temp_1_ -> let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let coefficient0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in let coefficient0:i32 = - coefficient0 |. ((cast (bytes.[ sz 1 ] <: u8) <: i32) <>! 4l in + let coefficient1:i32 = (cast (bytes.[ mk_usize 2 ] <: u8) <: i32) >>! mk_i32 4 in let coefficient1:i32 = - coefficient1 |. ((cast (bytes.[ sz 3 ] <: u8) <: i32) < deserialize_when_gamma1_is_2_pow_17_ serialized out - | 19uy -> deserialize_when_gamma1_is_2_pow_19_ serialized out + | Rust_primitives.Integers.MkInt 17 -> deserialize_when_gamma1_is_2_pow_17_ serialized out + | Rust_primitives.Integers.MkInt 19 -> deserialize_when_gamma1_is_2_pow_19_ serialized out | _ -> out in out 
@@ -210,7 +210,7 @@ let serialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 4) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -221,85 +221,85 @@ let serialize_when_gamma1_is_2_pow_17_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 0 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 1 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let coefficient2:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 2 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 2 ] <: i32) in let coefficient3:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 3 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 3 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 9 *! i <: usize) + (mk_usize 9 *! i <: usize) (cast (coefficient0 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 1 <: usize) - (cast (coefficient0 >>! 8l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 1 <: usize) + (cast (coefficient0 >>! mk_i32 8 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 2 <: usize) - (cast (coefficient0 >>! 16l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 2 <: usize) + (cast (coefficient0 >>! mk_i32 16 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 2 <: usize) - ((serialized.[ (sz 9 *! i <: usize) +! sz 2 <: usize ] <: u8) |. - (cast (coefficient1 <>! 6l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! 
mk_usize 3 <: usize) + (cast (coefficient1 >>! mk_i32 6 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 4 <: usize) - (cast (coefficient1 >>! 14l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 4 <: usize) + (cast (coefficient1 >>! mk_i32 14 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 4 <: usize) - ((serialized.[ (sz 9 *! i <: usize) +! sz 4 <: usize ] <: u8) |. - (cast (coefficient2 <>! 4l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 5 <: usize) + (cast (coefficient2 >>! mk_i32 4 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 6 <: usize) - (cast (coefficient2 >>! 12l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 6 <: usize) + (cast (coefficient2 >>! mk_i32 12 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 6 <: usize) - ((serialized.[ (sz 9 *! i <: usize) +! sz 6 <: usize ] <: u8) |. - (cast (coefficient3 <>! 2l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 7 <: usize) + (cast (coefficient3 >>! mk_i32 2 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 8 <: usize) - (cast (coefficient3 >>! 10l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 8 <: usize) + (cast (coefficient3 >>! mk_i32 10 <: i32) <: u8) in serialized) in 
@@ -310,7 +310,7 @@ let serialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 2) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -321,43 +321,43 @@ let serialize_when_gamma1_is_2_pow_19_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ sz 0 ] <: i32) + serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ sz 1 ] <: i32) + serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 5 *! i <: usize) + (mk_usize 5 *! i <: usize) (cast (coefficient0 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 1 <: usize) - (cast (coefficient0 >>! 8l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 1 <: usize) + (cast (coefficient0 >>! mk_i32 8 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 2 <: usize) - (cast (coefficient0 >>! 16l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 2 <: usize) + (cast (coefficient0 >>! mk_i32 16 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 2 <: usize) - ((serialized.[ (sz 5 *! i <: usize) +! sz 2 <: usize ] <: u8) |. - (cast (coefficient1 <>! 4l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 3 <: usize) + (cast (coefficient1 >>! mk_i32 4 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 4 <: usize) - (cast (coefficient1 >>! 12l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 4 <: usize) + (cast (coefficient1 >>! mk_i32 12 <: i32) <: u8) in serialized) in 
@@ -370,8 +370,8 @@ let serialize = let serialized:t_Slice u8 = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized - | 19uy -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized + | Rust_primitives.Integers.MkInt 17 -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized + | Rust_primitives.Integers.MkInt 19 -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized | _ -> serialized in serialized diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti index 4c6ce1b08..a61fd1a85 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti 
@@ -3,19 +3,19 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1 open Core open FStar.Mul -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = 1l <>! 5l in - let coefficient1:i32 = coefficient1 |. (byte2 <>! mk_i32 5 in + let coefficient1:i32 = coefficient1 |. (byte2 <>! 2l in - let coefficient2:i32 = coefficient2 |. (byte4 <>! mk_i32 2 in + let coefficient2:i32 = coefficient2 |. (byte4 <>! 7l in - let coefficient3:i32 = coefficient3 |. (byte5 <>! mk_i32 7 in + let coefficient3:i32 = coefficient3 |. (byte5 <>! 4l in - let coefficient4:i32 = coefficient4 |. (byte7 <>! mk_i32 4 in + let coefficient4:i32 = coefficient4 |. (byte7 <>! 1l in - let coefficient5:i32 = coefficient5 |. (byte9 <>! mk_i32 1 in + let coefficient5:i32 = coefficient5 |. (byte9 <>! 6l in - let coefficient6:i32 = coefficient6 |. (byte10 <>! mk_i32 6 in + let coefficient6:i32 = coefficient6 |. (byte10 <>! 3l in - let coefficient7:i32 = coefficient7 |. (byte12 <>! mk_i32 3 in + let coefficient7:i32 = coefficient7 |. (byte12 <>! 8l <: i32) <: u8) + (mk_usize 1) + (cast (coefficient0 >>! mk_i32 8 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 1) - ((serialized.[ sz 1 ] <: u8) |. (cast (coefficient1 <>! 3l <: i32) <: u8) + (mk_usize 2) + (cast (coefficient1 >>! mk_i32 3 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 3) - (cast (coefficient1 >>! 11l <: i32) <: u8) + (mk_usize 3) + (cast (coefficient1 >>! mk_i32 11 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 3) - ((serialized.[ sz 3 ] <: u8) |. (cast (coefficient2 <>! 6l <: i32) <: u8) + (mk_usize 4) + (cast (coefficient2 >>! mk_i32 6 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 4) - ((serialized.[ sz 4 ] <: u8) |. (cast (coefficient3 <>! 
1l <: i32) <: u8) + (mk_usize 5) + (cast (coefficient3 >>! mk_i32 1 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 6) - (cast (coefficient3 >>! 9l <: i32) <: u8) + (mk_usize 6) + (cast (coefficient3 >>! mk_i32 9 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 6) - ((serialized.[ sz 6 ] <: u8) |. (cast (coefficient4 <>! 4l <: i32) <: u8) + (mk_usize 7) + (cast (coefficient4 >>! mk_i32 4 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 8) - (cast (coefficient4 >>! 12l <: i32) <: u8) + (mk_usize 8) + (cast (coefficient4 >>! mk_i32 12 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 8) - ((serialized.[ sz 8 ] <: u8) |. (cast (coefficient5 <>! 7l <: i32) <: u8) + (mk_usize 9) + (cast (coefficient5 >>! mk_i32 7 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 9) - ((serialized.[ sz 9 ] <: u8) |. (cast (coefficient6 <>! 2l <: i32) <: u8) + (mk_usize 10) + (cast (coefficient6 >>! mk_i32 2 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 11) - (cast (coefficient6 >>! 10l <: i32) <: u8) + (mk_usize 11) + (cast (coefficient6 >>! mk_i32 10 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 11) - ((serialized.[ sz 11 ] <: u8) |. (cast (coefficient7 <>! 5l <: i32) <: u8) + (mk_usize 12) + (cast (coefficient7 >>! mk_i32 5 <: i32) <: u8) in serialized diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fsti index 6d5bd9cba..dac809f2b 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.T0.fsti @@ -6,7 +6,8 @@ open FStar.Mul val change_t0_interval (t0: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) let deserialize__BITS_IN_LOWER_PART_OF_T_MASK: i32 = - (1l < let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in @@ -27,11 +29,11 @@ let deserialize (fun simd_unit temp_1_ -> let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let byte0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in - let byte1:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in - let byte2:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in - let byte3:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in - let byte4:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in + let byte0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in + let byte1:i32 = cast (bytes.[ mk_usize 1 ] <: u8) <: i32 in + let byte2:i32 = cast (bytes.[ mk_usize 2 ] <: u8) <: i32 in + let byte3:i32 = cast (bytes.[ mk_usize 3 ] <: u8) <: i32 in + let byte4:i32 = cast (bytes.[ mk_usize 4 ] <: u8) <: i32 in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { simd_unit with @@ -39,8 +41,8 @@ let deserialize = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4 *! i <: usize) - ((byte0 |. (byte1 <>! 2l <: i32) |. (byte2 <>! mk_i32 2 <: i32) |. (byte2 <>! 4l <: i32) |. (byte3 <>! mk_i32 4 <: i32) |. (byte3 <>! 6l <: i32) |. (byte4 <>! mk_i32 6 <: i32) |. (byte4 < let serialized:t_Slice u8 = serialized in 
@@ -113,37 +115,57 @@ let serialize let i, coefficients:(usize & t_Slice i32) = temp_1_ in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 5 *! i <: usize) - (cast ((coefficients.[ sz 0 ] <: i32) &. 255l <: i32) <: u8) + (mk_usize 5 *! i <: usize) + (cast ((coefficients.[ mk_usize 0 ] <: i32) &. mk_i32 255 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 1 <: usize) - (((cast ((coefficients.[ sz 1 ] <: i32) &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 1 <: usize) + (((cast ((coefficients.[ mk_usize 1 ] <: i32) &. mk_i32 63 <: i32) <: u8) <>! mk_i32 8 <: i32) &. mk_i32 3 <: i32 + ) + <: + u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 2 <: usize) - (((cast ((coefficients.[ sz 2 ] <: i32) &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 2 <: usize) + (((cast ((coefficients.[ mk_usize 2 ] <: i32) &. mk_i32 15 <: i32) <: u8) <>! mk_i32 6 <: i32) &. mk_i32 15 + <: + i32) + <: + u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 3 <: usize) - (((cast ((coefficients.[ sz 3 ] <: i32) &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 3 <: usize) + (((cast ((coefficients.[ mk_usize 3 ] <: i32) &. mk_i32 3 <: i32) <: u8) <>! mk_i32 4 <: i32) &. mk_i32 63 + <: + i32) + <: + u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 4 <: usize) - (cast (((coefficients.[ sz 3 ] <: i32) >>! 2l <: i32) &. 255l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! 
mk_usize 4 <: usize) + (cast (((coefficients.[ mk_usize 3 ] <: i32) >>! mk_i32 2 <: i32) &. mk_i32 255 <: i32 + ) + <: + u8) in serialized) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fst index e31da3316..cada77634 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fst @@ -14,8 +14,8 @@ let simd_unit_invert_ntt_at_layer_0_ (zeta0 zeta1 zeta2 zeta3: i32) = let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -24,9 +24,9 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) <: i32) } @@ -40,7 +40,7 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) + (mk_usize 1) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i32) 
@@ -49,8 +49,8 @@ let simd_unit_invert_ntt_at_layer_0_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -59,9 +59,9 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) <: i32) } @@ -75,7 +75,7 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) + (mk_usize 3) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i32) @@ -84,8 +84,8 @@ let simd_unit_invert_ntt_at_layer_0_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { 
@@ -94,9 +94,9 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) <: i32) } @@ -110,7 +110,7 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) + (mk_usize 5) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta2 <: i32) @@ -119,8 +119,8 @@ let simd_unit_invert_ntt_at_layer_0_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -129,9 +129,9 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) + (mk_usize 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) <: i32) } 
@@ -145,7 +145,7 @@ let simd_unit_invert_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) + (mk_usize 7) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta3 <: i32) @@ -156,11 +156,11 @@ let simd_unit_invert_ntt_at_layer_0_ simd_unit let invert_ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta0 zeta1 zeta2 zeta3: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_invert_ntt_at_layer_0_ (re.[ index ] 
@@ -176,103 +176,263 @@ let invert_ntt_at_layer_0___round re let invert_ntt_at_layer_0_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 0) 1976782l (-846154l) 1400424l 3937738l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 1) (-1362209l) (-48306l) 3919660l (-554416l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 2) (-3545687l) 1612842l (-976891l) 183443l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 3) (-2286327l) (-420899l) (-2235985l) (-2939036l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 4) (-3833893l) (-260646l) (-1104333l) (-1667432l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 5) 1910376l (-1803090l) 1723600l (-426683l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 6) 472078l 1717735l (-975884l) 2213111l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 7) 269760l 3866901l 3523897l (-3038916l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 8) (-1799107l) (-3694233l) 1652634l 810149l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 9) 3014001l 1616392l 162844l (-3183426l) - in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 10) (-1207385l) 185531l 3369112l 1957272l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 11) (-164721l) 2454455l 2432395l (-2013608l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 12) (-3776993l) 594136l (-3724270l) (-2584293l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 13) (-1846953l) (-1671176l) (-2831860l) (-542412l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 14) 3406031l 2235880l 777191l 1500165l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 15) (-1374803l) (-2546312l) 1917081l (-1279661l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 16) (-1962642l) 3306115l 1312455l (-451100l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 17) (-1430225l) (-3318210l) 1237275l (-1333058l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 18) (-1050970l) 1903435l 1869119l (-2994039l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 19) (-3548272l) 2635921l 1250494l (-3767016l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 20) 1595974l 2486353l 1247620l 4055324l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re 
(sz 21) 1265009l (-2590150l) 2691481l 2842341l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 22) 203044l 1735879l (-3342277l) 3437287l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 23) 4108315l (-2437823l) 286988l 342297l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 24) (-3595838l) (-768622l) (-525098l) (-3556995l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 25) 3207046l 2031748l (-3122442l) (-655327l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 26) (-522500l) (-43260l) (-1613174l) 495491l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 27) 819034l 909542l 1859098l 900702l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 28) (-3193378l) (-1197226l) (-3759364l) (-3520352l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 29) 3513181l (-1235728l) 2434439l 266997l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 30) (-3562462l) (-2446433l) 2244091l (-3342478l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_0___round re (sz 31) 3817976l 2316500l 3407706l 2091667l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 0) + (mk_i32 1976782) + (mk_i32 (-846154)) + (mk_i32 1400424) + (mk_i32 3937738) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 1) + (mk_i32 (-1362209)) + (mk_i32 (-48306)) + (mk_i32 3919660) + (mk_i32 (-554416)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 2) + (mk_i32 (-3545687)) + (mk_i32 1612842) + (mk_i32 (-976891)) + (mk_i32 183443) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 3) + (mk_i32 (-2286327)) + (mk_i32 (-420899)) + (mk_i32 (-2235985)) + (mk_i32 (-2939036)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 4) + (mk_i32 (-3833893)) + (mk_i32 (-260646)) + (mk_i32 (-1104333)) + (mk_i32 (-1667432)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 5) + (mk_i32 1910376) + (mk_i32 (-1803090)) + (mk_i32 1723600) + (mk_i32 (-426683)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 6) + (mk_i32 472078) + (mk_i32 1717735) + (mk_i32 (-975884)) + (mk_i32 2213111) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 7) + (mk_i32 269760) + (mk_i32 3866901) + (mk_i32 3523897) + (mk_i32 (-3038916)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 8) + (mk_i32 (-1799107)) + (mk_i32 (-3694233)) + (mk_i32 1652634) + (mk_i32 810149) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 9) + (mk_i32 3014001) + (mk_i32 1616392) + (mk_i32 162844) + (mk_i32 
(-3183426)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 10) + (mk_i32 (-1207385)) + (mk_i32 185531) + (mk_i32 3369112) + (mk_i32 1957272) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 11) + (mk_i32 (-164721)) + (mk_i32 2454455) + (mk_i32 2432395) + (mk_i32 (-2013608)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 12) + (mk_i32 (-3776993)) + (mk_i32 594136) + (mk_i32 (-3724270)) + (mk_i32 (-2584293)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 13) + (mk_i32 (-1846953)) + (mk_i32 (-1671176)) + (mk_i32 (-2831860)) + (mk_i32 (-542412)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 14) + (mk_i32 3406031) + (mk_i32 2235880) + (mk_i32 777191) + (mk_i32 1500165) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 15) + (mk_i32 (-1374803)) + (mk_i32 (-2546312)) + (mk_i32 1917081) + (mk_i32 (-1279661)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 16) + (mk_i32 (-1962642)) + (mk_i32 3306115) + (mk_i32 1312455) + (mk_i32 (-451100)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 17) + (mk_i32 (-1430225)) + (mk_i32 (-3318210)) + (mk_i32 1237275) + (mk_i32 (-1333058)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 18) + (mk_i32 (-1050970)) + 
(mk_i32 1903435) + (mk_i32 1869119) + (mk_i32 (-2994039)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 19) + (mk_i32 (-3548272)) + (mk_i32 2635921) + (mk_i32 1250494) + (mk_i32 (-3767016)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 20) + (mk_i32 1595974) + (mk_i32 2486353) + (mk_i32 1247620) + (mk_i32 4055324) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 21) + (mk_i32 1265009) + (mk_i32 (-2590150)) + (mk_i32 2691481) + (mk_i32 2842341) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 22) + (mk_i32 203044) + (mk_i32 1735879) + (mk_i32 (-3342277)) + (mk_i32 3437287) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 23) + (mk_i32 4108315) + (mk_i32 (-2437823)) + (mk_i32 286988) + (mk_i32 342297) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 24) + (mk_i32 (-3595838)) + (mk_i32 (-768622)) + (mk_i32 (-525098)) + (mk_i32 (-3556995)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 25) + (mk_i32 3207046) + (mk_i32 2031748) + (mk_i32 (-3122442)) + (mk_i32 (-655327)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 26) + (mk_i32 (-522500)) + (mk_i32 (-43260)) + (mk_i32 (-1613174)) + (mk_i32 495491) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 
27) + (mk_i32 819034) + (mk_i32 909542) + (mk_i32 1859098) + (mk_i32 900702) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 28) + (mk_i32 (-3193378)) + (mk_i32 (-1197226)) + (mk_i32 (-3759364)) + (mk_i32 (-3520352)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 29) + (mk_i32 3513181) + (mk_i32 (-1235728)) + (mk_i32 2434439) + (mk_i32 266997) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 30) + (mk_i32 (-3562462)) + (mk_i32 (-2446433)) + (mk_i32 2244091) + (mk_i32 (-3342478)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_0___round re + (mk_usize 31) + (mk_i32 3817976) + (mk_i32 2316500) + (mk_i32 3407706) + (mk_i32 2091667) in re @@ -281,8 +441,8 @@ let simd_unit_invert_ntt_at_layer_1_ (zeta0 zeta1: i32) = let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { 
@@ -291,9 +451,9 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) <: i32) } @@ -307,7 +467,7 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) + (mk_usize 2) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i32) @@ -316,8 +476,8 @@ let simd_unit_invert_ntt_at_layer_1_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -326,9 +486,9 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) <: i32) } 
@@ -342,7 +502,7 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) + (mk_usize 3) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i32) @@ -351,8 +511,8 @@ let simd_unit_invert_ntt_at_layer_1_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -361,9 +521,9 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) <: i32) } @@ -377,7 +537,7 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) + (mk_usize 6) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i32) 
@@ -386,8 +546,8 @@ let simd_unit_invert_ntt_at_layer_1_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -396,9 +556,9 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) + (mk_usize 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) <: i32) } @@ -412,7 +572,7 @@ let simd_unit_invert_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) + (mk_usize 7) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i32) 
@@ -423,11 +583,11 @@ let simd_unit_invert_ntt_at_layer_1_ simd_unit let invert_ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_00_ zeta_01_: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_invert_ntt_at_layer_1_ (re.[ index ] 
@@ -441,103 +601,103 @@ let invert_ntt_at_layer_1___round re let invert_ntt_at_layer_1_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 0) 3839961l (-3628969l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 0) (mk_i32 3839961) (mk_i32 (-3628969)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 1) (-3881060l) (-3019102l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 1) (mk_i32 (-3881060)) (mk_i32 (-3019102)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 2) (-1439742l) (-812732l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 2) (mk_i32 (-1439742)) (mk_i32 (-812732)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 3) (-1584928l) 1285669l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 3) (mk_i32 (-1584928)) (mk_i32 1285669) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 4) 1341330l 1315589l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 4) (mk_i32 1341330) (mk_i32 1315589) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 5) 
(-177440l) (-2409325l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 5) (mk_i32 (-177440)) (mk_i32 (-2409325)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 6) (-1851402l) 3159746l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 6) (mk_i32 (-1851402)) (mk_i32 3159746) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 7) (-3553272l) 189548l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 7) (mk_i32 (-3553272)) (mk_i32 189548) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 8) (-1316856l) 759969l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 8) (mk_i32 (-1316856)) (mk_i32 759969) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 9) (-210977l) 2389356l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 9) (mk_i32 (-210977)) (mk_i32 2389356) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 10) (-3249728l) 1653064l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 10) (mk_i32 (-3249728)) (mk_i32 1653064) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 11) (-8578l) (-3724342l) + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 11) (mk_i32 (-8578)) (mk_i32 (-3724342)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 12) 3958618l 904516l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 12) (mk_i32 3958618) (mk_i32 904516) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 13) (-1100098l) 44288l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 13) (mk_i32 (-1100098)) (mk_i32 44288) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 14) 3097992l 508951l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 14) (mk_i32 3097992) (mk_i32 508951) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 15) 264944l (-3343383l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 15) (mk_i32 264944) (mk_i32 (-3343383)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 16) (-1430430l) 1852771l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 16) (mk_i32 (-1430430)) (mk_i32 1852771) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 17) 1349076l (-381987l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = 
+ invert_ntt_at_layer_1___round re (mk_usize 17) (mk_i32 1349076) (mk_i32 (-381987)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 18) (-1308169l) (-22981l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 18) (mk_i32 (-1308169)) (mk_i32 (-22981)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 19) (-1228525l) (-671102l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 19) (mk_i32 (-1228525)) (mk_i32 (-671102)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 20) (-2477047l) (-411027l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 20) (mk_i32 (-2477047)) (mk_i32 (-411027)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 21) (-3693493l) (-2967645l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 21) (mk_i32 (-3693493)) (mk_i32 (-2967645)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 22) 2715295l 2147896l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 22) (mk_i32 2715295) (mk_i32 2147896) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 23) (-983419l) 3412210l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re 
(mk_usize 23) (mk_i32 (-983419)) (mk_i32 3412210) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 24) 126922l (-3632928l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 24) (mk_i32 126922) (mk_i32 (-3632928)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 25) (-3157330l) (-3190144l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 25) (mk_i32 (-3157330)) (mk_i32 (-3190144)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 26) (-1000202l) (-4083598l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 26) (mk_i32 (-1000202)) (mk_i32 (-4083598)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 27) 1939314l (-1257611l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 27) (mk_i32 1939314) (mk_i32 (-1257611)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 28) (-1585221l) 2176455l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 28) (mk_i32 (-1585221)) (mk_i32 2176455) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 29) 3475950l (-1452451l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 29) (mk_i32 3475950) (mk_i32 
(-1452451)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 30) (-3041255l) (-3677745l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 30) (mk_i32 (-3041255)) (mk_i32 (-3677745)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_1___round re (sz 31) (-1528703l) (-3930395l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_1___round re (mk_usize 31) (mk_i32 (-1528703)) (mk_i32 (-3930395)) in re @@ -546,8 +706,8 @@ let simd_unit_invert_ntt_at_layer_2_ (zeta: i32) = let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -556,9 +716,9 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) <: i32) } 
@@ -572,7 +732,7 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) + (mk_usize 4) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 ) } @@ -580,8 +740,8 @@ let simd_unit_invert_ntt_at_layer_2_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -590,9 +750,9 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) <: i32) } @@ -606,7 +766,7 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) + (mk_usize 5) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 ) } 
@@ -614,8 +774,8 @@ let simd_unit_invert_ntt_at_layer_2_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { @@ -624,9 +784,9 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) <: i32) } @@ -640,7 +800,7 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) + (mk_usize 6) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 ) } @@ -648,8 +808,8 @@ let simd_unit_invert_ntt_at_layer_2_ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let a_minus_b:i32 = - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) -! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { 
@@ -658,9 +818,9 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) +! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) + (mk_usize 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) +! + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) <: i32) } @@ -674,7 +834,7 @@ let simd_unit_invert_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) + (mk_usize 7) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta <: i32 ) } @@ -684,11 +844,11 @@ let simd_unit_invert_ntt_at_layer_2_ simd_unit let invert_ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta1: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_invert_ntt_at_layer_2_ (re.[ index ] 
@@ -701,121 +861,125 @@ let invert_ntt_at_layer_2___round re let invert_ntt_at_layer_2_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 0) (-2797779l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 0) (mk_i32 (-2797779)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 1) 2071892l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 1) (mk_i32 2071892) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 2) (-2556880l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 2) (mk_i32 (-2556880)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 3) 3900724l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 3) (mk_i32 3900724) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 4) 3881043l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 4) (mk_i32 3881043) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 5) 954230l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 5) 
(mk_i32 954230) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 6) 531354l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 6) (mk_i32 531354) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 7) 811944l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 7) (mk_i32 811944) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 8) 3699596l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 8) (mk_i32 3699596) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 9) (-1600420l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 9) (mk_i32 (-1600420)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 10) (-2140649l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 10) (mk_i32 (-2140649)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 11) 3507263l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 11) (mk_i32 3507263) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 12) (-3821735l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 
32) = + invert_ntt_at_layer_2___round re (mk_usize 12) (mk_i32 (-3821735)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 13) 3505694l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 13) (mk_i32 3505694) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 14) (-1643818l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 14) (mk_i32 (-1643818)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 15) (-1699267l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 15) (mk_i32 (-1699267)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 16) (-539299l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 16) (mk_i32 (-539299)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 17) 2348700l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 17) (mk_i32 2348700) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 18) (-300467l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 18) (mk_i32 (-300467)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 19) 3539968l + let 
re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 19) (mk_i32 3539968) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 20) (-2867647l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 20) (mk_i32 (-2867647)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 21) 3574422l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 21) (mk_i32 3574422) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 22) (-3043716l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 22) (mk_i32 (-3043716)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 23) (-3861115l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 23) (mk_i32 (-3861115)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 24) 3915439l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 24) (mk_i32 3915439) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 25) (-2537516l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 25) (mk_i32 (-2537516)) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 26) (-3592148l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 26) (mk_i32 (-3592148)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 27) (-1661693l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 27) (mk_i32 (-1661693)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 28) 3530437l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 28) (mk_i32 3530437) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 29) 3077325l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 29) (mk_i32 3077325) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 30) 95776l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 30) (mk_i32 95776) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - invert_ntt_at_layer_2___round re (sz 31) 2706023l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 31) (mk_i32 2706023) in re let outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Folds.fold_range v_OFFSET (v_OFFSET +! v_STEP_BY <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let j:usize = j in let rejs:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = Core.Clone.f_clone #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -833,7 +997,7 @@ let outer_3_plus Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract a_minus_b (re.[ j ] <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j (Libcrux_ml_dsa.Simd.Portable.Arithmetic.add (re.[ j ] 
@@ -843,12 +1007,12 @@ let outer_3_plus <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) a_minus_b in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant (re.[ j +! 
@@ -866,173 +1030,177 @@ let outer_3_plus re let invert_ntt_at_layer_3_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 1) 280005l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 1) (mk_i32 280005) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 2) (sz 1) 4010497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 2) (mk_usize 1) (mk_i32 4010497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 1) (-19422l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 1) (mk_i32 (-19422)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 6) (sz 1) 1757237l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 6) (mk_usize 1) (mk_i32 1757237) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 1) (-3277672l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 1) (mk_i32 (-3277672)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 10) (sz 1) (-1399561l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 10) (mk_usize 1) (mk_i32 (-1399561)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = 
- outer_3_plus (sz 12) (sz 1) (-3859737l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 1) (mk_i32 (-3859737)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 14) (sz 1) (-2118186l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 14) (mk_usize 1) (mk_i32 (-2118186)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 1) (-2108549l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 1) (mk_i32 (-2108549)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 18) (sz 1) 2619752l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 18) (mk_usize 1) (mk_i32 2619752) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 1) (-1119584l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 1) (mk_i32 (-1119584)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 22) (sz 1) (-549488l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 22) (mk_usize 1) (mk_i32 (-549488)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 1) 3585928l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 1) (mk_i32 3585928) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 
26) (sz 1) (-1079900l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 26) (mk_usize 1) (mk_i32 (-1079900)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 1) 1024112l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 1) (mk_i32 1024112) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 30) (sz 1) 2725464l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 30) (mk_usize 1) (mk_i32 2725464) re in re let invert_ntt_at_layer_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 2) 2680103l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 2) (mk_i32 2680103) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 2) 3111497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 2) (mk_i32 3111497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 2) (-2884855l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 2) (mk_i32 (-2884855)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 12) (sz 2) 3119733l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + 
outer_3_plus (mk_usize 12) (mk_usize 2) (mk_i32 3119733) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 2) (-2091905l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 2) (mk_i32 (-2091905)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 2) (-359251l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 2) (mk_i32 (-359251)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 2) 2353451l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 2) (mk_i32 2353451) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 2) 1826347l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 2) (mk_i32 1826347) re in re let invert_ntt_at_layer_5_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 4) 466468l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 4) (mk_i32 466468) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 4) (-876248l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 4) (mk_i32 (-876248)) re in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 4) (-777960l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 4) (mk_i32 (-777960)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 4) 237124l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 4) (mk_i32 237124) re in re let invert_ntt_at_layer_6_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 8) (-518909l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 8) (mk_i32 (-518909)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 8) (-2608894l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 8) (mk_i32 (-2608894)) re in re let invert_ntt_at_layer_7_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 16) 25847l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 16) (mk_i32 25847) re in re let invert_ntt_montgomery - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_0_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_4_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_5_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_7_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (re <: t_Slice 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let _:usize = temp_1_ in true) re (fun re i -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re i (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant (re.[ i ] <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) - 41978l + (mk_i32 41978) <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) <: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti index d5accef63..d57539113 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti 
@@ -9,25 +9,25 @@ let _ = let open Libcrux_ml_dsa.Simd.Portable.Vector_type in () -let invert_ntt_at_layer_3___STEP: usize = sz 8 +let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = sz 1 +let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 -let invert_ntt_at_layer_4___STEP: usize = sz 16 +let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = sz 2 +let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 -let invert_ntt_at_layer_5___STEP: usize = sz 32 +let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = sz 4 +let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 -let invert_ntt_at_layer_6___STEP: usize = sz 64 +let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = sz 8 +let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 -let invert_ntt_at_layer_7___STEP: usize = sz 128 +let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = sz 16 +let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 val simd_unit_invert_ntt_at_layer_0_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) 
@@ -37,16 +37,16 @@ val simd_unit_invert_ntt_at_layer_0_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta0 zeta1 zeta2 zeta3: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_0_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -58,16 +58,16 @@ val simd_unit_invert_ntt_at_layer_1_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_00_ zeta_01_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_1_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -79,59 +79,59 @@ val simd_unit_invert_ntt_at_layer_2_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta1: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_2_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_3_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) 
+ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_5_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_6_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_7_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_montgomery - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst index a3cb8b326..1246f7381 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst @@ -9,7 +9,7 @@ let simd_unit_ntt_at_layer_0_ = let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) zeta0 @@ -21,8 +21,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) -! t <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -34,15 +36,17 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! t <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) zeta1 
@@ -54,8 +58,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) -! t <: i32) + (mk_usize 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -67,15 +73,17 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) +! t <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) zeta2 @@ -87,8 +95,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) -! t <: i32) + (mk_usize 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -100,15 +110,17 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) +! t <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) zeta3 @@ -120,8 +132,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) -! t <: i32) + (mk_usize 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -133,8 +147,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) +! t <: i32) + (mk_usize 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -142,11 +158,11 @@ let simd_unit_ntt_at_layer_0_ simd_unit let ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_ntt_at_layer_0_ (re.[ index ] 
@@ -161,102 +177,264 @@ let ntt_at_layer_0___round in re -let ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 0) 2091667l 3407706l 2316500l 3817976l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 1) (-3342478l) 2244091l (-2446433l) (-3562462l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 2) 266997l 2434439l (-1235728l) 3513181l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 3) (-3520352l) (-3759364l) (-1197226l) (-3193378l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 4) 900702l 1859098l 909542l 819034l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 5) 495491l (-1613174l) (-43260l) (-522500l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 6) (-655327l) (-3122442l) 2031748l 3207046l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 7) (-3556995l) (-525098l) (-768622l) (-3595838l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 8) 342297l 286988l (-2437823l) 4108315l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 9) 3437287l (-3342277l) 1735879l 203044l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 10) 2842341l 2691481l (-2590150l) 1265009l - in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 11) 4055324l 1247620l 2486353l 1595974l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 12) (-3767016l) 1250494l 2635921l (-3548272l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 13) (-2994039l) 1869119l 1903435l (-1050970l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 14) (-1333058l) 1237275l (-3318210l) (-1430225l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 15) (-451100l) 1312455l 3306115l (-1962642l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 16) (-1279661l) 1917081l (-2546312l) (-1374803l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 17) 1500165l 777191l 2235880l 3406031l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 18) (-542412l) (-2831860l) (-1671176l) (-1846953l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 19) (-2584293l) (-3724270l) 594136l (-3776993l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 20) (-2013608l) 2432395l 2454455l (-164721l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 21) 1957272l 3369112l 185531l (-1207385l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 22) (-3183426l) 162844l 1616392l 3014001l - in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 23) 810149l 1652634l (-3694233l) (-1799107l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 24) (-3038916l) 3523897l 3866901l 269760l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 25) 2213111l (-975884l) 1717735l 472078l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 26) (-426683l) 1723600l (-1803090l) 1910376l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 27) (-1667432l) (-1104333l) (-260646l) (-3833893l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 28) (-2939036l) (-2235985l) (-420899l) (-2286327l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 29) 183443l (-976891l) 1612842l (-3545687l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 30) (-554416l) 3919660l (-48306l) (-1362209l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 31) 3937738l 1400424l (-846154l) 1976782l +let ntt_at_layer_0_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 0) + (mk_i32 2091667) + (mk_i32 3407706) + (mk_i32 2316500) + (mk_i32 3817976) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 1) + (mk_i32 (-3342478)) + (mk_i32 2244091) + (mk_i32 (-2446433)) + (mk_i32 
(-3562462)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 2) + (mk_i32 266997) + (mk_i32 2434439) + (mk_i32 (-1235728)) + (mk_i32 3513181) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 3) + (mk_i32 (-3520352)) + (mk_i32 (-3759364)) + (mk_i32 (-1197226)) + (mk_i32 (-3193378)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 4) + (mk_i32 900702) + (mk_i32 1859098) + (mk_i32 909542) + (mk_i32 819034) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 5) + (mk_i32 495491) + (mk_i32 (-1613174)) + (mk_i32 (-43260)) + (mk_i32 (-522500)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 6) + (mk_i32 (-655327)) + (mk_i32 (-3122442)) + (mk_i32 2031748) + (mk_i32 3207046) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 7) + (mk_i32 (-3556995)) + (mk_i32 (-525098)) + (mk_i32 (-768622)) + (mk_i32 (-3595838)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 8) + (mk_i32 342297) + (mk_i32 286988) + (mk_i32 (-2437823)) + (mk_i32 4108315) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 9) + (mk_i32 3437287) + (mk_i32 (-3342277)) + (mk_i32 1735879) + (mk_i32 203044) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 10) + (mk_i32 2842341) + (mk_i32 2691481) + (mk_i32 (-2590150)) + (mk_i32 1265009) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 11) + (mk_i32 4055324) + (mk_i32 1247620) + (mk_i32 2486353) + (mk_i32 1595974) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 12) + (mk_i32 (-3767016)) + (mk_i32 1250494) + (mk_i32 2635921) + (mk_i32 (-3548272)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 13) + (mk_i32 (-2994039)) + (mk_i32 1869119) + (mk_i32 1903435) + (mk_i32 (-1050970)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 14) + (mk_i32 (-1333058)) + (mk_i32 1237275) + (mk_i32 (-3318210)) + (mk_i32 (-1430225)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 15) + (mk_i32 (-451100)) + (mk_i32 1312455) + (mk_i32 3306115) + (mk_i32 (-1962642)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 16) + (mk_i32 (-1279661)) + (mk_i32 1917081) + (mk_i32 (-2546312)) + (mk_i32 (-1374803)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 17) + (mk_i32 1500165) + (mk_i32 777191) + (mk_i32 2235880) + (mk_i32 3406031) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 18) + (mk_i32 (-542412)) + (mk_i32 (-2831860)) + (mk_i32 (-1671176)) + (mk_i32 (-1846953)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 19) + (mk_i32 (-2584293)) + (mk_i32 (-3724270)) + (mk_i32 594136) + (mk_i32 (-3776993)) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 20) + (mk_i32 (-2013608)) + (mk_i32 2432395) + (mk_i32 2454455) + (mk_i32 (-164721)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 21) + (mk_i32 1957272) + (mk_i32 3369112) + (mk_i32 185531) + (mk_i32 (-1207385)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 22) + (mk_i32 (-3183426)) + (mk_i32 162844) + (mk_i32 1616392) + (mk_i32 3014001) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 23) + (mk_i32 810149) + (mk_i32 1652634) + (mk_i32 (-3694233)) + (mk_i32 (-1799107)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 24) + (mk_i32 (-3038916)) + (mk_i32 3523897) + (mk_i32 3866901) + (mk_i32 269760) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 25) + (mk_i32 2213111) + (mk_i32 (-975884)) + (mk_i32 1717735) + (mk_i32 472078) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 26) + (mk_i32 (-426683)) + (mk_i32 1723600) + (mk_i32 (-1803090)) + (mk_i32 1910376) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 27) + (mk_i32 (-1667432)) + (mk_i32 (-1104333)) + (mk_i32 (-260646)) + (mk_i32 (-3833893)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 28) + (mk_i32 (-2939036)) + (mk_i32 (-2235985)) + (mk_i32 (-420899)) + (mk_i32 (-2286327)) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 29) + (mk_i32 183443) + (mk_i32 (-976891)) + (mk_i32 1612842) + (mk_i32 (-3545687)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 30) + (mk_i32 (-554416)) + (mk_i32 3919660) + (mk_i32 (-48306)) + (mk_i32 (-1362209)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 31) + (mk_i32 3937738) + (mk_i32 1400424) + (mk_i32 (-846154)) + (mk_i32 1976782) in re @@ -266,7 +444,7 @@ let simd_unit_ntt_at_layer_1_ = let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) zeta1 @@ -278,8 +456,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) -! t <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -291,15 +471,17 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! t <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) zeta1 @@ -311,8 +493,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) -! t <: i32) + (mk_usize 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -324,15 +508,17 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) +! t <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) zeta2 
@@ -344,8 +530,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) -! t <: i32) + (mk_usize 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -357,15 +545,17 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) +! t <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) zeta2 @@ -377,8 +567,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) -! t <: i32) + (mk_usize 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -390,8 +582,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) +! t <: i32) + (mk_usize 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -399,11 +593,11 @@ let simd_unit_ntt_at_layer_1_ simd_unit let ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_ntt_at_layer_1_ (re.[ index ] 
@@ -416,102 +610,104 @@ let ntt_at_layer_1___round in re -let ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 0) (-3930395l) (-1528703l) +let ntt_at_layer_1_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 0) (mk_i32 (-3930395)) (mk_i32 (-1528703)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 1) (-3677745l) (-3041255l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 1) (mk_i32 (-3677745)) (mk_i32 (-3041255)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 2) (-1452451l) 3475950l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 2) (mk_i32 (-1452451)) (mk_i32 3475950) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 3) 2176455l (-1585221l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 3) (mk_i32 2176455) (mk_i32 (-1585221)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 4) (-1257611l) 1939314l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 4) (mk_i32 (-1257611)) (mk_i32 1939314) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 5) (-4083598l) (-1000202l) + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 5) (mk_i32 (-4083598)) (mk_i32 (-1000202)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 6) (-3190144l) (-3157330l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 6) (mk_i32 (-3190144)) (mk_i32 (-3157330)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 7) (-3632928l) 126922l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 7) (mk_i32 (-3632928)) (mk_i32 126922) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 8) 3412210l (-983419l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 8) (mk_i32 3412210) (mk_i32 (-983419)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 9) 2147896l 2715295l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 9) (mk_i32 2147896) (mk_i32 2715295) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 10) (-2967645l) (-3693493l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 10) (mk_i32 (-2967645)) (mk_i32 (-3693493)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 11) (-411027l) (-2477047l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 11) (mk_i32 (-411027)) 
(mk_i32 (-2477047)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 12) (-671102l) (-1228525l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 12) (mk_i32 (-671102)) (mk_i32 (-1228525)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 13) (-22981l) (-1308169l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 13) (mk_i32 (-22981)) (mk_i32 (-1308169)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 14) (-381987l) 1349076l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 14) (mk_i32 (-381987)) (mk_i32 1349076) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 15) 1852771l (-1430430l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 15) (mk_i32 1852771) (mk_i32 (-1430430)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 16) (-3343383l) 264944l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 16) (mk_i32 (-3343383)) (mk_i32 264944) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 17) 508951l 3097992l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 17) (mk_i32 508951) (mk_i32 3097992) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 
18) 44288l (-1100098l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 18) (mk_i32 44288) (mk_i32 (-1100098)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 19) 904516l 3958618l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 19) (mk_i32 904516) (mk_i32 3958618) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 20) (-3724342l) (-8578l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 20) (mk_i32 (-3724342)) (mk_i32 (-8578)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 21) 1653064l (-3249728l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 21) (mk_i32 1653064) (mk_i32 (-3249728)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 22) 2389356l (-210977l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 22) (mk_i32 2389356) (mk_i32 (-210977)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 23) 759969l (-1316856l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 23) (mk_i32 759969) (mk_i32 (-1316856)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 24) 189548l (-3553272l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re 
(mk_usize 24) (mk_i32 189548) (mk_i32 (-3553272)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 25) 3159746l (-1851402l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 25) (mk_i32 3159746) (mk_i32 (-1851402)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 26) (-2409325l) (-177440l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 26) (mk_i32 (-2409325)) (mk_i32 (-177440)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 27) 1315589l 1341330l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 27) (mk_i32 1315589) (mk_i32 1341330) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 28) 1285669l (-1584928l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 28) (mk_i32 1285669) (mk_i32 (-1584928)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 29) (-812732l) (-1439742l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 29) (mk_i32 (-812732)) (mk_i32 (-1439742)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 30) (-3019102l) (-3881060l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 30) (mk_i32 (-3019102)) (mk_i32 (-3881060)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
(sz 32) = - ntt_at_layer_1___round re (sz 31) (-3628969l) 3839961l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 31) (mk_i32 (-3628969)) (mk_i32 3839961) in re @@ -521,7 +717,7 @@ let simd_unit_ntt_at_layer_2_ = let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) zeta @@ -533,8 +729,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) -! t <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -546,15 +744,17 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! t <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) zeta 
@@ -566,8 +766,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) -! t <: i32) + (mk_usize 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -579,15 +781,17 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) +! t <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) zeta @@ -599,8 +803,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) -! t <: i32) + (mk_usize 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -612,15 +818,17 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) +! t <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) zeta @@ -632,8 +840,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) -! t <: i32) + (mk_usize 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -645,8 +855,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) +! t <: i32) + (mk_usize 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -654,11 +866,11 @@ let simd_unit_ntt_at_layer_2_ simd_unit let ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_ntt_at_layer_2_ (re.[ index ] 
@@ -670,120 +882,126 @@ let ntt_at_layer_2___round in re -let ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 0) 2706023l +let ntt_at_layer_2_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 0) (mk_i32 2706023) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 1) 95776l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 1) (mk_i32 95776) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 2) 3077325l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 2) (mk_i32 3077325) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 3) 3530437l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 3) (mk_i32 3530437) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 4) (-1661693l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 4) (mk_i32 (-1661693)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 5) (-3592148l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 5) (mk_i32 (-3592148)) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 6) (-2537516l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 6) (mk_i32 (-2537516)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 7) 3915439l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 7) (mk_i32 3915439) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 8) (-3861115l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 8) (mk_i32 (-3861115)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 9) (-3043716l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 9) (mk_i32 (-3043716)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 10) 3574422l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 10) (mk_i32 3574422) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 11) (-2867647l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 11) (mk_i32 (-2867647)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 12) 3539968l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 12) (mk_i32 3539968) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 13) (-300467l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 13) (mk_i32 (-300467)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 14) 2348700l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 14) (mk_i32 2348700) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 15) (-539299l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 15) (mk_i32 (-539299)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 16) (-1699267l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 16) (mk_i32 (-1699267)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 17) (-1643818l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 17) (mk_i32 (-1643818)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 18) 3505694l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 18) (mk_i32 3505694) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 19) (-3821735l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 19) (mk_i32 (-3821735)) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 20) 3507263l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 20) (mk_i32 3507263) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 21) (-2140649l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 21) (mk_i32 (-2140649)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 22) (-1600420l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 22) (mk_i32 (-1600420)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 23) 3699596l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 23) (mk_i32 3699596) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 24) 811944l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 24) (mk_i32 811944) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 25) 531354l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 25) (mk_i32 531354) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 26) 954230l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 26) (mk_i32 954230) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 27) 3881043l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 27) (mk_i32 3881043) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 28) 3900724l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 28) (mk_i32 3900724) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 29) (-2556880l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 29) (mk_i32 (-2556880)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 30) 2071892l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 30) (mk_i32 2071892) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 31) (-2797779l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 31) (mk_i32 (-2797779)) in re let outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Folds.fold_range v_OFFSET (v_OFFSET +! 
v_STEP_BY <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let j:usize = j in let tmp:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = re.[ j +! v_STEP_BY <: usize ] @@ -791,12 +1009,12 @@ let outer_3_plus let tmp:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant tmp v_ZETA in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) (re.[ j ] <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract (re.[ j +! v_STEP_BY <: usize ] @@ -806,7 +1024,7 @@ let outer_3_plus <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j (Libcrux_ml_dsa.Simd.Portable.Arithmetic.add (re.[ j ] 
@@ -820,137 +1038,147 @@ let outer_3_plus in re -let ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 1) 2725464l re +let ntt_at_layer_3_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 1) (mk_i32 2725464) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 2) (sz 1) 1024112l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 2) (mk_usize 1) (mk_i32 1024112) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 1) (-1079900l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 1) (mk_i32 (-1079900)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 6) (sz 1) 3585928l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 6) (mk_usize 1) (mk_i32 3585928) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 1) (-549488l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 1) (mk_i32 (-549488)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 10) (sz 1) (-1119584l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 10) (mk_usize 1) (mk_i32 (-1119584)) re in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 12) (sz 1) 2619752l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 1) (mk_i32 2619752) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 14) (sz 1) (-2108549l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 14) (mk_usize 1) (mk_i32 (-2108549)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 1) (-2118186l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 1) (mk_i32 (-2118186)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 18) (sz 1) (-3859737l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 18) (mk_usize 1) (mk_i32 (-3859737)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 1) (-1399561l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 1) (mk_i32 (-1399561)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 22) (sz 1) (-3277672l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 22) (mk_usize 1) (mk_i32 (-3277672)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 1) 1757237l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 1) (mk_i32 1757237) re in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 26) (sz 1) (-19422l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 26) (mk_usize 1) (mk_i32 (-19422)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 1) 4010497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 1) (mk_i32 4010497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 30) (sz 1) 280005l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 30) (mk_usize 1) (mk_i32 280005) re in re -let ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 2) 1826347l re +let ntt_at_layer_4_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 2) (mk_i32 1826347) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 2) 2353451l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 2) (mk_i32 2353451) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 2) (-359251l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 2) (mk_i32 (-359251)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 12) (sz 2) (-2091905l) re + 
let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 2) (mk_i32 (-2091905)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 2) 3119733l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 2) (mk_i32 3119733) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 2) (-2884855l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 2) (mk_i32 (-2884855)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 2) 3111497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 2) (mk_i32 3111497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 2) 2680103l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 2) (mk_i32 2680103) re in re -let ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 4) 237124l re +let ntt_at_layer_5_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 4) (mk_i32 237124) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 4) (-777960l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus 
(mk_usize 8) (mk_usize 4) (mk_i32 (-777960)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 4) (-876248l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 4) (mk_i32 (-876248)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 4) 466468l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 4) (mk_i32 466468) re in re -let ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 8) (-2608894l) re +let ntt_at_layer_6_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 8) (mk_i32 (-2608894)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 8) (-518909l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 8) (mk_i32 (-518909)) re in re -let ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 16) 25847l re +let ntt_at_layer_7_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 16) (mk_i32 25847) re in re -let ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = +let ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_7_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_5_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_4_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_0_ re in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti index 71ab0dd53..e1b9f283e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti @@ -3,25 +3,25 @@ module Libcrux_ml_dsa.Simd.Portable.Ntt open Core open FStar.Mul -let ntt_at_layer_3___STEP: usize = sz 8 +let ntt_at_layer_3___STEP: usize = mk_usize 8 -let ntt_at_layer_3___STEP_BY: usize = sz 1 +let ntt_at_layer_3___STEP_BY: usize = mk_usize 1 -let ntt_at_layer_4___STEP: usize = sz 16 +let ntt_at_layer_4___STEP: usize = mk_usize 16 -let ntt_at_layer_4___STEP_BY: usize = sz 2 +let ntt_at_layer_4___STEP_BY: usize = mk_usize 2 -let ntt_at_layer_5___STEP: usize = sz 32 +let ntt_at_layer_5___STEP: usize = mk_usize 32 -let ntt_at_layer_5___STEP_BY: usize = sz 4 +let ntt_at_layer_5___STEP_BY: usize = mk_usize 4 -let ntt_at_layer_6___STEP: usize = sz 64 +let ntt_at_layer_6___STEP: usize = mk_usize 64 -let ntt_at_layer_6___STEP_BY: usize = sz 8 +let ntt_at_layer_6___STEP_BY: usize = mk_usize 8 -let ntt_at_layer_7___STEP: usize = sz 128 +let ntt_at_layer_7___STEP: usize = mk_usize 128 -let ntt_at_layer_7___STEP_BY: usize = sz 16 +let ntt_at_layer_7___STEP_BY: usize = mk_usize 16 val simd_unit_ntt_at_layer_0_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) 
@@ -31,15 +31,16 @@ val simd_unit_ntt_at_layer_0_ (fun _ -> Prims.l_True) val ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_0_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -51,15 +52,16 @@ val simd_unit_ntt_at_layer_1_ (fun _ -> Prims.l_True) val ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_1_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -71,52 +73,58 @@ val simd_unit_ntt_at_layer_2_ (fun _ -> Prims.l_True) val ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_2_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_3_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 
32)) +val ntt_at_layer_4_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_5_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_6_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_7_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst index b381e5f1b..030041694 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst @@ -4,7 +4,7 @@ open Core open FStar.Mul let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter u8) 
@@ -16,36 +16,36 @@ let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Sl (fun temp_0_ byte -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let byte:u8 = byte in - let try_0_:u8 = byte &. 15uy in - let try_1_:u8 = byte >>! 4l in + let try_0_:u8 = byte &. mk_u8 15 in + let try_1_:u8 = byte >>! mk_i32 4 in let out, sampled:(t_Slice i32 & usize) = - if try_0_ <. 15uy + if try_0_ <. mk_u8 15 then let try_0_:i32 = cast (try_0_ <: u8) <: i32 in let try_0_mod_5_:i32 = - try_0_ -! (((try_0_ *! 26l <: i32) >>! 7l <: i32) *! 5l <: i32) + try_0_ -! (((try_0_ *! mk_i32 26 <: i32) >>! mk_i32 7 <: i32) *! mk_i32 5 <: i32) in let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (2l -! try_0_mod_5_ <: i32) + (mk_i32 2 -! try_0_mod_5_ <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize) in - if try_1_ <. 15uy + if try_1_ <. mk_u8 15 then let try_1_:i32 = cast (try_1_ <: u8) <: i32 in let try_1_mod_5_:i32 = - try_1_ -! (((try_1_ *! 26l <: i32) >>! 7l <: i32) *! 5l <: i32) + try_1_ -! (((try_1_ *! mk_i32 26 <: i32) >>! mk_i32 7 <: i32) *! mk_i32 5 <: i32) in let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (2l -! try_1_mod_5_ <: i32) + (mk_i32 2 -! try_1_mod_5_ <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize)) in 
@@ -53,7 +53,7 @@ let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Sl out, hax_temp_output <: (t_Slice i32 & usize) let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter u8) @@ -65,28 +65,28 @@ let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Sl (fun temp_0_ byte -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let byte:u8 = byte in - let try_0_:u8 = byte &. 15uy in - let try_1_:u8 = byte >>! 4l in + let try_0_:u8 = byte &. mk_u8 15 in + let try_1_:u8 = byte >>! mk_i32 4 in let out, sampled:(t_Slice i32 & usize) = - if try_0_ <. 9uy + if try_0_ <. mk_u8 9 then let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (4l -! (cast (try_0_ <: u8) <: i32) <: i32) + (mk_i32 4 -! (cast (try_0_ <: u8) <: i32) <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize) in - if try_1_ <. 9uy + if try_1_ <. mk_u8 9 then let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (4l -! (cast (try_1_ <: u8) <: i32) <: i32) + (mk_i32 4 -! (cast (try_1_ <: u8) <: i32) <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize)) in 
@@ -94,30 +94,33 @@ let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Sl out, hax_temp_output <: (t_Slice i32 & usize) let rejection_sample_less_than_field_modulus (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (mk_usize 3) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Slice.Iter.t_ChunksExact u8) (out, sampled <: (t_Slice i32 & usize)) (fun temp_0_ bytes -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let bytes:t_Slice u8 = bytes in - let b0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in - let b1:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in - let b2:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in + let b0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in + let b1:i32 = cast (bytes.[ mk_usize 1 ] <: u8) <: i32 in + let b2:i32 = cast (bytes.[ mk_usize 2 ] <: u8) <: i32 in let coefficient:i32 = - (((b2 < + (fun + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> true); f_ntt_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) -> true); f_ntt = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + (fun + (simd_units: t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) + = Libcrux_ml_dsa.Simd.Portable.Ntt.ntt simd_units in simd_units); f_invert_ntt_montgomery_pre = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) -> + (fun + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> true); f_invert_ntt_montgomery_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) -> true); f_invert_ntt_montgomery = - fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + fun + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Libcrux_ml_dsa.Simd.Portable.Invntt.invert_ntt_montgomery simd_units in simd_units diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti index b67afeff8..10f2df73f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti 
@@ -145,23 +145,23 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_t1_deserialize_pre x0 x1) (fun result -> f_t1_deserialize_post x0 x1 result); - f_ntt_pre:t_Array v_Self (sz 32) -> Type0; - f_ntt_post:t_Array v_Self (sz 32) -> t_Array v_Self (sz 32) -> Type0; - f_ntt:x0: t_Array v_Self (sz 32) - -> Prims.Pure (t_Array v_Self (sz 32)) (f_ntt_pre x0) (fun result -> f_ntt_post x0 result); - f_invert_ntt_montgomery_pre:t_Array v_Self (sz 32) -> Type0; - f_invert_ntt_montgomery_post:t_Array v_Self (sz 32) -> t_Array v_Self (sz 32) -> Type0; - f_invert_ntt_montgomery:x0: t_Array v_Self (sz 32) - -> Prims.Pure (t_Array v_Self (sz 32)) + f_ntt_pre:t_Array v_Self (mk_usize 32) -> Type0; + f_ntt_post:t_Array v_Self (mk_usize 32) -> t_Array v_Self (mk_usize 32) -> Type0; + f_ntt:x0: t_Array v_Self (mk_usize 32) + -> Prims.Pure (t_Array v_Self (mk_usize 32)) (f_ntt_pre x0) (fun result -> f_ntt_post x0 result); + f_invert_ntt_montgomery_pre:t_Array v_Self (mk_usize 32) -> Type0; + f_invert_ntt_montgomery_post:t_Array v_Self (mk_usize 32) -> t_Array v_Self (mk_usize 32) -> Type0; + f_invert_ntt_montgomery:x0: t_Array v_Self (mk_usize 32) + -> Prims.Pure (t_Array v_Self (mk_usize 32)) (f_invert_ntt_montgomery_pre x0) (fun result -> f_invert_ntt_montgomery_post x0 result) } -let v_COEFFICIENTS_IN_SIMD_UNIT: usize = sz 8 +let v_COEFFICIENTS_IN_SIMD_UNIT: usize = mk_usize 8 -let v_FIELD_MODULUS: i32 = 8380417l +let v_FIELD_MODULUS: i32 = mk_i32 8380417 -let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u64 = 58728449uL +let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u64 = mk_u64 58728449 let v_SIMD_UNITS_IN_RING_ELEMENT: usize = Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! v_COEFFICIENTS_IN_SIMD_UNIT diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst index 18c957ce8..8822a3e1d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst @@ -26,15 +26,15 @@ let impl_2__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) = let t_SigningError_cast_to_repr (x: t_SigningError) = match x <: t_SigningError with - | SigningError_RejectionSamplingError -> isz 0 - | SigningError_ContextTooLongError -> isz 1 + | SigningError_RejectionSamplingError -> mk_isize 0 + | SigningError_ContextTooLongError -> mk_isize 1 let t_VerificationError_cast_to_repr (x: t_VerificationError) = match x <: t_VerificationError with - | VerificationError_MalformedHintError -> isz 0 - | VerificationError_SignerResponseExceedsBoundError -> isz 1 - | VerificationError_CommitmentHashesDontMatchError -> isz 3 - | VerificationError_VerificationContextTooLongError -> isz 6 + | VerificationError_MalformedHintError -> mk_isize 0 + | VerificationError_SignerResponseExceedsBoundError -> mk_isize 1 + | VerificationError_CommitmentHashesDontMatchError -> mk_isize 3 + | VerificationError_VerificationContextTooLongError -> mk_isize 6 [@@ FStar.Tactics.Typeclasses.tcinstance] assume @@ -67,13 +67,13 @@ val impl_7': Core.Fmt.t_Debug t_SigningError let impl_7 = impl_7' let impl__zero (v_SIZE: usize) (_: Prims.unit) = - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MLDSASigningKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MLDSASigningKey v_SIZE let impl_2__zero (v_SIZE: usize) (_: Prims.unit) = - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MLDSAVerificationKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MLDSAVerificationKey v_SIZE let impl_4__zero (v_SIZE: usize) (_: Prims.unit) = - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MLDSASignature v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MLDSASignature v_SIZE let impl__as_slice (v_SIZE: usize) (self: t_MLDSASigningKey v_SIZE) = self.f_value <: t_Slice u8 
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
index 0451136c0..a740de583 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fst
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
index e8713dad5..95dad6932 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti
@@ -1,5 +1,5 @@
 module Libcrux_platform.Platform
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
 open Core
 open FStar.Mul
From 9d8d421ed0628ca2860dc853146338131b2c56cc Mon Sep 17 00:00:00 2001
From: karthikbhargavan
Date: Sat, 18 Jan 2025 19:12:48 +0000
Subject: [PATCH 03/15] everything except ind-cpa verified
---
 .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst | 2 +-
 libcrux-ml-kem/proofs/fstar/extraction/Makefile | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 427387be8..da6a659e2 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -440,7 +440,7 @@ let sample_vector_cbd_then_ntt_helper_2 (Spec.MLKEM.sample_vector_cbd_then_ntt #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator))) -#push-options "--max_fuel 25 --z3rlimit 2500 --ext context_pruning --z3refresh --split_queries always" +#push-options "--max_fuel 25 --z3rlimit 2800 --ext context_pruning --z3refresh --split_queries always" let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 7865c6d43..fa7700ebb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,7 +1,8 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti -ADMIT_MODULES = Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cpa.fst \ + Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ Libcrux_ml_kem.Vector.Neon.fsti \ Libcrux_ml_kem.Vector.Neon.fst \ From 7d21a8ad8dfe88c6b54653d8cc427ef4f34f9a0c Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sat, 18 Jan 2025 19:17:07 +0000 Subject: [PATCH 04/15] fmt --- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index a7b829584..2d72896ae 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs 
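Review bot: Adding Libcrux_ml_kem.Ind_cpa.fst to ADMIT_MODULES in the Makefile hunk presumably makes the build admit that module instead of verifying it, which takes the IND-CPA layer of the KEM out of the checked proofs, yet the Makefile records neither the reason nor when the entry is expected to go away. A comment beside the entry would keep this from quietly becoming permanent, e.g. `# Libcrux_ml_kem.Ind_cpa.fst: admitted while its proofs are being repaired; remove once they verify (tracking: <issue-placeholder>)`. The sibling hunk in Libcrux_ml_kem.Ind_cpa.fst raises `--z3rlimit` from 2500 to 2800 directly in the extracted file; if that `#push-options` line is generated from the Rust source, the next extraction will revert it and the extraction-diff job introduced later in this series would flag the mismatch, so the bump should be made in the source too. The enclosing `let sample_vector_cbd_then_ntt` definition continues outside the hunk.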
@@ -199,7 +199,9 @@ pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg (mk_i16 3327)))"#); + hax_lib::fstar!( + r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg (mk_i16 3327)))"# + ); let modulus = mm256_set1_epi16(FIELD_MODULUS); hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == (mk_i16 3329))"#); let k_times_modulus = mm256_mulhi_epi16(k, modulus); @@ -250,7 +252,9 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - hax_lib::fstar!(r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg (mk_i16 3327)))"#); + hax_lib::fstar!( + r#"assert (forall i. get_lane $k i == get_lane $value_low i *. (neg (mk_i16 3327)))"# + ); let modulus = mm256_set1_epi16(FIELD_MODULUS); hax_lib::fstar!(r#"assert (forall i. get_lane $modulus i == (mk_i16 3329))"#); From e97b542f285888bd167eff3ad85059ac232b1060 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 21 Jan 2025 20:11:18 +0100 Subject: [PATCH 05/15] split up hax jobs --- .github/workflows/hax.yml | 123 ++++++++++++++++++++++++++------------ 1 file changed, 85 insertions(+), 38 deletions(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 17e057f4b..d0b578beb 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -13,8 +13,8 @@ on: workflow_dispatch: inputs: hax_rev: - description: 'The hax revision you want this job to use' - default: 'main' + description: "The hax revision you want this job to use" + default: "main" merge_group: env: 
@@ -25,61 +25,108 @@ concurrency: cancel-in-progress: true jobs: - hax: - runs-on: "ubuntu-latest" + mlkem-extract: + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + - uses: hacspec/hax-actions@main + with: + hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} - - name: ⤵ Install FStar - run: nix profile install github:FStarLang/FStar/v2024.12.03 + - name: 🏃 Extract ML-KEM crate + working-directory: libcrux-ml-kem + run: ./hax.py extract - - name: ⤵ Clone HACL-star repository - uses: actions/checkout@v4 + - name: ↑ Upload F* extraction + uses: actions/upload-artifact@v4 with: - repository: hacl-star/hacl-star - path: hacl-star + name: fstar-extraction-mlkem + path: libcrux-ml-kem/proofs/ + include-hidden-files: true + if-no-files-found: error + + mlkem-diff: + needs: mlkem-extract + runs-on: ubuntu-latest - - name: ⤵ Clone hax repository - uses: actions/checkout@v4 + steps: + - uses: actions/checkout@v4 + - uses: actions/download-artifact@v4 with: - repository: hacspec/hax - ref: ${{ github.event.inputs.hax_rev || 'main' }} - path: hax + name: fstar-extraction-mlkem + path: ~/fstar-extraction-mlkem - - name: ⤵ Install & confiure Cachix + - name: = Diff Extraction run: | - nix profile install nixpkgs#cachix - cachix use hax + diff -r libcrux-ml-kem/proofs/fstar/extraction/ \ + ~/fstar-extraction-mlkem/fstar/extraction/ - - name: ⤵ Install hax - run: | - nix profile install ./hax + mlkem-lax: + runs-on: ubuntu-latest + needs: + - mlkem-extract + - mlkem-diff - - name: 🏃 Extract ML-KEM crate - working-directory: libcrux-ml-kem - run: ./hax.py extract + steps: + - uses: actions/checkout@v4 + - uses: hacspec/hax-actions@main + with: + hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} - name: 🏃 Lax ML-KEM crate working-directory: libcrux-ml-kem - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ 
github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - ./hax.py prove --admit + run: ./hax.py prove --admit + + mldsa-extract: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: hacspec/hax-actions@main + with: + hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} - name: 🏃 Extract ML-DSA crate working-directory: libcrux-ml-dsa run: ./hax.py extract + - name: ↑ Upload F* extraction + uses: actions/upload-artifact@v4 + with: + name: fstar-extraction-mldsa + path: libcrux-ml-dsa/proofs/ + include-hidden-files: true + if-no-files-found: error + + mldsa-diff: + needs: mldsa-extract + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: actions/download-artifact@v4 + with: + name: fstar-extraction-mldsa + path: ~/fstar-extraction-mldsa + + - name: = Diff Extraction + run: | + diff -r libcrux-ml-dsa/proofs/fstar/extraction/ \ + ~/fstar-extraction-mldsa/fstar/extraction/ + + mldsa-lax: + runs-on: ubuntu-latest + needs: + - mldsa-extract + - mldsa-diff + + steps: + - uses: actions/checkout@v4 + - uses: hacspec/hax-actions@main + with: + hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} + - name: 🏃 Lax ML-DSA crate working-directory: libcrux-ml-dsa - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - ./hax.py prove --admit + run: ./hax.py prove --admit From 8d576fb760ad93f4433444b120b79214e6620f3e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 22 Jan 2025 13:30:32 +0100 Subject: [PATCH 06/15] Update hax.yml --- .github/workflows/hax.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index d0b578beb..f055965b1 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml 
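Review bot: All four new `uses: hacspec/hax-actions@main` lines (mlkem-extract, mlkem-lax, mldsa-extract, mldsa-lax) resolve a third-party action from a mutable branch, while the first-party steps are at least pinned to a major-version tag (`actions/checkout@v4`); whatever that branch points to at run time executes inside the job with whatever token permissions the workflow grants. Pin it to a full commit SHA with the version in a trailing comment, e.g. `- uses: hacspec/hax-actions@<full-commit-sha>  # <version-or-date placeholder>`, and bump it deliberately; the same applies to the four hunks of the later "Update hax.yml" commit, which move the reference to the `fstar-version` branch, which is a feature branch and even less stable. Separately, `hax_reference: ${{ github.event.inputs.hax_rev || 'main' }}` also defaults to a moving `main` of the hax tool, so a failure of the `diff -r` step in mlkem-diff or mldsa-diff can come from an upstream hax change rather than from this repository; a default naming a fixed hax revision would make those jobs reproducible. The `diff -r` exits non-zero on any difference, which is presumably the intended check that the committed extraction matches a fresh one, and a one-line comment saying so (`# fails the job if the committed extraction is stale`) would spare the next reader that inference.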
@@ -30,7 +30,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@main + - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} @@ -70,7 +70,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@main + - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} @@ -83,7 +83,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@main + - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} @@ -123,7 +123,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@main + - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} From ccbb5f7e786909d47bcf25610ec4dd33c7bde0bb Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 23 Jan 2025 10:05:12 +0100 Subject: [PATCH 07/15] refactor(fstar-helpers/tactics): drop the tactics related to machine integers --- fstar-helpers/fstar-bitvec/RwLemmas.fst | 71 ----- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 6 +- .../fstar-bitvec/Tactics.MachineInts.fst | 275 ------------------ 3 files changed, 2 insertions(+), 350 deletions(-) delete mode 100644 fstar-helpers/fstar-bitvec/RwLemmas.fst delete mode 100644 fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst deleted file mode 100644 index 1fc1e00de..000000000 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ /dev/null 
@@ -1,71 +0,0 @@ -module RwLemmas - -open Core -module L = FStar.List.Tot -open FStar.Tactics.V2 -open FStar.Tactics.V2.SyntaxHelpers -open FStar.Class.Printable -open FStar.Mul -open FStar.Option - -open Tactics.Utils -open Tactics.Pow2 - -open BitVecEq {} - -let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) - -#push-options "--z3rlimit 40" -let deserialize_10_int (bytes: t_Array u8 (sz 10)) = - let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) - in - let r2:i16 = - (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) - in - let r3:i16 = - ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) - in - let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) - in - let r6:i16 = - (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) - in - let r7:i16 = - ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) - in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - result -#pop-options - -let deserialize_10_int' (bytes: t_Array u8 (sz 10)): t_Array i16 (sz 8) - = MkSeq.create8 (deserialize_10_int bytes) - -#push-options "--compat_pre_core 0" -#push-options "--z3rlimit 80" -let fff_ (bytes: t_Array u8 (sz 10)) x: unit = - let bv1 = bit_vec_of_int_t_array bytes 8 in - let out = deserialize_10_int' bytes in - let bv2 = bit_vec_of_int_t_array out 10 in - assert (forall (i: nat { i < 80 }). bv1 i == bv2 i) by ( - Tactics.GetBit.prove_bit_vector_equality () - ) -#pop-options - diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index abec9b4fe..1a6b1e0b1 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst 
@@ -15,9 +15,6 @@ open Tactics.Pow2 open BitVecEq open Tactics.Seq - -let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) - /// Does one round of computation let compute_one_round (): Tac _ = norm [ iota; zeta; reify_ @@ -31,7 +28,6 @@ let compute_one_round (): Tac _ = ] ; primops; unmeta]; trace "compute_one_round: norm_pow2" norm_pow2; - trace "compute_one_round: norm_machine_int" norm_machine_int; trace "compute_one_round: norm_index" norm_index /// Normalizes up to `get_bit` @@ -57,10 +53,12 @@ let prove_bit_vector_equality'' (): Tac unit = print ("Ask SMT: " ^ term_to_string (cur_goal ())); focus smt_sync )) + let prove_bit_vector_equality' (): Tac unit = if lax_on () then iterAll tadmit else prove_bit_vector_equality'' () + let prove_bit_vector_equality (): Tac unit = set_rlimit 100; with_compat_pre_core 0 prove_bit_vector_equality' diff --git a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst deleted file mode 100644 index 4cdeeb1a5..000000000 --- a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst +++ /dev/null 
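Review bot: `compute_one_round` no longer runs the `norm_machine_int` pass between `norm_pow2` and `norm_index`, but its doc comment `/// Does one round of computation` is unchanged and nothing in the file now records what reduces `Rust_primitives.Integers` `mk_int`/`v` terms that the deleted tactic used to flatten; presumably the `delta_namespace`/`primops` steps in the elided `norm [...]` list cover this, but that should be stated. I would extend the comment to something like `/// Does one round of computation: pow2 and index normalisation (machine-int terms are handled by the norm steps above, not by a dedicated pass)`, adjusted to whatever is actually the case. The `norm [...]` argument of `compute_one_round` lies between the two hunks, so the function's body is only partly visible here.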
@@ -1,275 +0,0 @@ -/// This module interprets machine integers terms that comes from -/// `FStar.[U]Int*` modules or from `Rust_primtiives.Integers` module. -/// It can then convert from and back those two representation, -/// normalize them, etc. -module Tactics.MachineInts - -open FStar.Tactics.V2 -open FStar.Tactics.V2.SyntaxHelpers -open FStar.Class.Printable -open FStar.Option - -open Tactics.Utils -module RI = Rust_primitives.Integers - -/// The size of a machine int -type size = - | PtrSize - | Size of n:nat {match n with | 8 | 16 | 32 | 64 | 128 -> true | _ -> false} -/// The signedness of a machine int -type signedness = | Signed | Unsigned - -/// The operations we recognize on machine ints -type machine_int_op = | MkInt | V - -/// The AST of a machine int expression -noeq type machine_int_term = - /// Operations `mk_int` (aka `FStar.[U]Int*.[u]int_to_t`) and `v` - | Op { /// Which operation is it? - op: machine_int_op - /// Is that a generic (Rust_primitives.Integers) operation or a native one (FStar.[U]Int*)? - ; native: bool - ; size: size - ; signedness: signedness - ; contents: machine_int_term } - /// A (math) integer literal - | Lit of int - /// An arbitrary term - | Term of term - -/// Expect `n` to be a definition in a machine int namespace -let expect_native_machine_int_ns (n: string): (option (signedness & size & string)) - = match explode_qn n with - | "FStar"::int_module::[def_name] -> - let? 
(sign, size) = match int_module with - | "Int8" -> Some (Signed, Size 8) - | "Int16" -> Some (Signed, Size 16) - | "Int32" -> Some (Signed, Size 32) - | "Int64" -> Some (Signed, Size 64) - | "Int128" -> Some (Signed, Size 128) - | "UInt8" -> Some (Unsigned, Size 8) - | "UInt16" -> Some (Unsigned, Size 16) - | "UInt32" -> Some (Unsigned, Size 32) - | "UInt64" -> Some (Unsigned, Size 64) - | "UInt18" -> Some (Unsigned, Size 128) - | _ -> None - in Some (sign, size, def_name) - | _ -> None - -/// Given a sign and a size, produces the correct namespace `FStar.[U]Int*` -let mk_native_machine_int_ns (sign: signedness) (size: size): option (list string) - = let sign = match sign with | Signed -> "" | Unsigned -> "U" in - let? size = match size with | PtrSize -> None | Size n -> Some (string_of_int n) in - Some ["FStar"; sign ^ "Int" ^ size] - -/// Interpret HACL*'s `inttype`s -let expect_inttype t: Tac (option (signedness & size)) - = let t = norm_term [iota; reify_; delta_namespace ["Rust_primitives.Integers"; "Lib.IntTypes"]; primops; unmeta] t in - let?# t = expect_fvar t in - match t with - | `%RI.i8_inttype | `%Lib.IntTypes.S8 -> Some ( Signed, Size 8) - | `%RI.i16_inttype | `%Lib.IntTypes.S16 -> Some ( Signed, Size 16) - | `%RI.i32_inttype | `%Lib.IntTypes.S32 -> Some ( Signed, Size 32) - | `%RI.i64_inttype | `%Lib.IntTypes.S64 -> Some ( Signed, Size 64) - | `%RI.i128_inttype | `%Lib.IntTypes.S128 -> Some ( Signed, Size 128) - | `%RI.u8_inttype | `%Lib.IntTypes.U8 -> Some (Unsigned, Size 8) - | `%RI.u16_inttype | `%Lib.IntTypes.U16 -> Some (Unsigned, Size 16) - | `%RI.u32_inttype | `%Lib.IntTypes.U32 -> Some (Unsigned, Size 32) - | `%RI.u64_inttype | `%Lib.IntTypes.U64 -> Some (Unsigned, Size 64) - | `%RI.u128_inttype | `%Lib.IntTypes.U128 -> Some (Unsigned, Size 128) - | `%RI.isize_inttype -> Some (Signed, PtrSize) - | `%RI.usize_inttype -> Some (Unsigned, PtrSize) - | _ -> None - -/// Given a signedness and a size, creates a name `[ui]*_inttype` -let 
mk_inttype_name (sign: signedness) (size: size): name = - let sign = match sign with | Signed -> "i" | Unsigned -> "u" in - let size = match size with | PtrSize -> "size" | Size n -> string_of_int n in - ["Rust_primitives"; "Integers"; sign ^ size ^ "_inttype"] - -/// Given a signedness and a size, creates a term `[ui]*_inttype` -let mk_inttype (sign: signedness) (size: size): Tac term = - pack (Tv_FVar (pack_fv (mk_inttype_name sign size))) - -/// Interprets a term as a machine int. This function always returns -/// something: when `t` is not a machine int expression we recognize, -/// it returns `Term t`. Below, `term_to_machine_int_term` returns an -/// option. -let rec term_to_machine_int_term' (t: term): Tac machine_int_term = - match term_to_machine_int_term'' t with | Some t -> t | None -> Term t -and term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = - let t = norm_term [delta_only [(`%RI.sz); (`%RI.isz)]] t in - match t with - | Tv_Const (C_Int n) -> Some (Lit n) - | _ -> - let?# (hd, args) = collect_app_hd t in - match expect_native_machine_int_ns hd, args with - | (Some (signedness, size, def_name), [arg, _]) -> begin - let native = true in - let contents = term_to_machine_int_term' arg in - let?# op = match def_name with - | "__uint_to_t" | "__int_to_t" | "uint_to_t" | "int_to_t" -> Some MkInt - | "v" -> Some V | _ -> None in - Some (Op {op; native; size; signedness; contents}) - end - | (None, [inttype, _; contents, _]) -> begin - let?# (signedness, size) = expect_inttype inttype in - let contents = term_to_machine_int_term' contents in - let?# op = match hd with | `%RI.mk_int -> Some MkInt - | `%RI.v -> Some V - | _ -> None in - Some (Op {op; native = false; size; signedness; contents}) - end - | _ -> None - -/// Tries to interpret a term as a machine int -let term_to_machine_int_term (t: term): Tac (option (t: machine_int_term {~(Term? 
t)})) - = match term_to_machine_int_term' t with - | Term _ -> None | t -> Some t - -/// Transform a machine int AST into a term. Note that this doesn't -/// support native usize/isize (aka `FStar.SizeT`), whence the option. -let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = - match t with - | Term t -> Some t - | Op {native = false; op; size; signedness; contents} -> - let inttype = mk_inttype signedness size in - let?# contents = machine_int_term_to_term contents in - let op = match op with | V -> `RI.v - | MkInt -> `RI.mk_int in - Some (`((`#op) #(`#inttype) (`#contents))) - | Op {native = true; op; size; signedness; contents} -> - let?# ns = mk_native_machine_int_ns signedness size in - let f = FStar.List.Tot.append ns [ - match op with - | MkInt -> (match signedness with | Signed -> "" | Unsigned -> "u") ^ "int_to_t" - | V -> "v" - ] in - let f = pack (Tv_FVar (pack_fv f)) in - let?# contents = machine_int_term_to_term contents in - Some (mk_e_app f [contents]) - | Lit n -> Some (pack (Tv_Const (C_Int n))) - -/// An operation on a machine_int_term -type operation = machine_int_term -> option machine_int_term - -/// Removes `mk_int (v ...)` or `v (mk_int ...)` when it's the same type -let rec flatten_machine_int_term: operation = function - | Op x -> begin match x.contents with - | Op y -> if x.op <> y.op && x.size = y.size && x.signedness = y.signedness - then Some (match flatten_machine_int_term y.contents with - | Some result -> result - | None -> y.contents) - else let? 
y = flatten_machine_int_term (Op y) in - Some (Op {x with contents = y}) - | _ -> None - end - | _ -> None - -/// Makes a machine int native or not -let rec change_native_machine_int_term (native: bool): operation = function - | Op x -> let contents = change_native_machine_int_term native x.contents in - if x.native = native - then None - else Some (Op { x with native - ; contents = match contents with - | Some contents -> contents - | None -> x.contents}) - | _ -> None - -/// Combines two operation together -let combine: operation -> operation -> operation = - fun f g t -> match f t with - | Some t -> (match g t with | Some t -> Some t | None -> Some t) - | None -> g t - -/// We call `x` a normal machine integer if `x` has no `mk_int (v -/// ...)` or `v (mk_int ...)` sequence and if all `mk_int` and `v` are -/// native (aka `FStar.[U]Int*.*`, not -/// `Rust_primitives.Integer.*`). Note `usize` is an exception, -/// `mk_int` and `v` alone one usizes (and isizes) cannot be reduced -/// further. -let norm_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term true) - -/// We call `x` a normal generic machine integer if `x` has no -/// `FStar.[U]Int*.[u]int_to_t/v`, and no `mk_int (v ...)` or `v -/// (mk_int ...)`. 
-let norm_generic_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term false) - -/// Unfolds `mk_int` using `mk_int_equiv_lemma` -let norm_mk_int () = Some () // Should now be a noop -(* - let?# (lhs, _) = expect_lhs_eq_uvar () in - let lhs' = term_to_machine_int_term lhs in - match?# lhs' with - | Op {op = MkInt; native = false; size; signedness; contents} -> - let inttype = mk_inttype signedness size in - let lemma = `(RI.mk_int_equiv_lemma #(`#inttype)) in - let lemma = norm_term [primops; iota; delta; zeta] lemma in - focus (fun _ -> - apply_lemma_rw lemma - ); - Some () - | _ -> None -*) - -/// Lemmas to deal with the special case of usize -let rw_v_mk_int_usize x - : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () -let rw_mk_int_v_usize x - : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () - -/// Rewrites `goal_lhs` into `machine_int`. This function expects the -/// goal to be of the shape ` == (?...)`, where `` -/// is a machine int. Do not call this function directly. -let _rewrite_to (goal_lhs: term) (eq_type: typ) (machine_int: machine_int_term): Tac (option unit) - = let?# t_term = machine_int_term_to_term machine_int in - Some (focus (fun _ -> - let rw = tcut (`squash (eq2 #(`#eq_type) (`#goal_lhs) (`#t_term))) in - // This tcut will generate simple verification conditions, we - // discharge them right away - // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")); - flip (); - pointwise' (fun () -> match norm_mk_int () with - | Some _ -> () - | None -> // special case for usize - (fun () -> (fun () -> apply_lemma_rw (`rw_v_mk_int_usize)) - `or_else` (fun () -> apply_lemma_rw (`rw_mk_int_v_usize))) - `or_else` trefl - ); - compute (); - trefl (); - apply_lemma_rw rw - )) - -/// Rewrites a goal deeply, replacing every machine integer expression -/// `x` by `f x` (when it is `Some _`). 
-let transform (f: machine_int_term -> option machine_int_term): Tac unit - = pointwise' (fun _ -> - match revert_if_none (fun _ -> - let?# (lhs, eq_type) = expect_lhs_eq_uvar () in - let?# machine_int = term_to_machine_int_term lhs in - let?# machine_int' = f machine_int in - let?# _ = _rewrite_to lhs eq_type machine_int' in - Some () - ) - with - | None -> trefl () - | _ -> () - ) - -open Rust_primitives.Integers -let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) - by (transform norm_machine_int_term; trefl ()) -let _ = assert (mk_int #u8_inttype 3 == mk_u8 3) - by (transform norm_machine_int_term; trefl ()) -let _ = fun x -> assert (mk_int #u8_inttype x == mk_u8 x) - by (transform norm_machine_int_term) -let _ = assert (v (mk_int #usize_inttype 3) == 3) - by (transform norm_machine_int_term; trefl ()) -let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) - by (transform norm_machine_int_term; trefl ()) -let _ = assert (mk_int #u8_inttype 3 == mk_u8 3) - by (transform norm_generic_machine_int_term; trefl ()) -let _ = fun x -> assert (mk_int #u8_inttype x == mk_u8 x) - by (transform norm_generic_machine_int_term; trefl ()) From bcfed34f9456a09ac859b941a935172c7c5c1515 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 23 Jan 2025 13:25:23 +0100 Subject: [PATCH 08/15] Update hax.yml --- .github/workflows/hax.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index f055965b1..379c27401 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -33,6 +33,7 @@ jobs: - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} + fstar: v2024.12.03 - name: 🏃 Extract ML-KEM crate working-directory: libcrux-ml-kem @@ -73,6 +74,7 @@ jobs: - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} + fstar: v2024.12.03 - name: 🏃 Lax ML-KEM crate working-directory: libcrux-ml-kem 
@@ -86,6 +88,7 @@ jobs: - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} + fstar: v2024.12.03 - name: 🏃 Extract ML-DSA crate working-directory: libcrux-ml-dsa @@ -126,6 +129,7 @@ jobs: - uses: hacspec/hax-actions@fstar-version with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} + fstar: v2024.12.03 - name: 🏃 Lax ML-DSA crate working-directory: libcrux-ml-dsa From 02b1dca951a455338a1346fd807b8ffea1ce896d Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 23 Jan 2025 19:30:32 +0100 Subject: [PATCH 09/15] update back to main hax action --- .github/workflows/hax.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 379c27401..ab2416c83 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -30,7 +30,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@fstar-version + - uses: hacspec/hax-actions@main with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} fstar: v2024.12.03 @@ -71,7 +71,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@fstar-version + - uses: hacspec/hax-actions@main with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} fstar: v2024.12.03 @@ -85,7 +85,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@fstar-version + - uses: hacspec/hax-actions@main with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} fstar: v2024.12.03 @@ -126,7 +126,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: hacspec/hax-actions@fstar-version + - uses: hacspec/hax-actions@main with: hax_reference: ${{ github.event.inputs.hax_rev || 'main' }} fstar: v2024.12.03 From 3398e71d51eceec6a8199e1bc15817c3f7fe8f38 Mon Sep 17 00:00:00 2001 
From: Karthikeyan Bhargavan Date: Fri, 24 Jan 2025 16:50:30 +0100 Subject: [PATCH 10/15] re-extract --- .../Libcrux_intrinsics.Avx2_extract.fst | 2 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fst | 59 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fsti | 6 +- .../Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti | 20 +- .../Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti | 20 +- .../Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti | 20 +- .../extraction/Libcrux_ml_dsa.Constants.fst | 12 +- .../extraction/Libcrux_ml_dsa.Constants.fsti | 40 +- .../Libcrux_ml_dsa.Encoding.Commitment.fst | 10 +- .../Libcrux_ml_dsa.Encoding.Error.fst | 16 +- .../Libcrux_ml_dsa.Encoding.Gamma1.fst | 24 +- .../Libcrux_ml_dsa.Encoding.Signature.fst | 124 +- .../Libcrux_ml_dsa.Encoding.Signature.fsti | 10 +- .../Libcrux_ml_dsa.Encoding.Signing_key.fst | 12 +- .../extraction/Libcrux_ml_dsa.Encoding.T0.fst | 12 +- .../Libcrux_ml_dsa.Encoding.T0.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Encoding.T1.fst | 12 +- .../Libcrux_ml_dsa.Encoding.T1.fsti | 4 +- ...bcrux_ml_dsa.Encoding.Verification_key.fst | 9 +- .../Libcrux_ml_dsa.Hash_functions.Neon.fst | 28 +- .../Libcrux_ml_dsa.Hash_functions.Neon.fsti | 22 +- ...Libcrux_ml_dsa.Hash_functions.Portable.fst | 32 +- ...ibcrux_ml_dsa.Hash_functions.Portable.fsti | 26 +- ...ibcrux_ml_dsa.Hash_functions.Shake128.fsti | 42 +- ...ibcrux_ml_dsa.Hash_functions.Shake256.fsti | 22 +- .../Libcrux_ml_dsa.Hash_functions.Simd256.fst | 32 +- ...Libcrux_ml_dsa.Hash_functions.Simd256.fsti | 26 +- .../extraction/Libcrux_ml_dsa.Matrix.fst | 22 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti | 33 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst | 76 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti | 24 +- 
.../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst | 102 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti | 43 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst | 102 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti | 43 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst | 102 +- .../Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti | 43 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst | 76 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti | 24 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti | 33 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst | 92 +- .../Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti | 33 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst | 76 +- .../extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti | 24 +- ...generic.Instantiations.Avx2.Ml_dsa_44_.fst | 75 +- ...eneric.Instantiations.Avx2.Ml_dsa_44_.fsti | 64 +- ...generic.Instantiations.Avx2.Ml_dsa_65_.fst | 75 +- ...eneric.Instantiations.Avx2.Ml_dsa_65_.fsti | 64 +- ...generic.Instantiations.Avx2.Ml_dsa_87_.fst | 75 +- ...eneric.Instantiations.Avx2.Ml_dsa_87_.fsti | 64 +- ...generic.Instantiations.Neon.Ml_dsa_44_.fst | 48 +- ...eneric.Instantiations.Neon.Ml_dsa_44_.fsti | 39 +- ...generic.Instantiations.Neon.Ml_dsa_65_.fst | 48 +- ...eneric.Instantiations.Neon.Ml_dsa_65_.fsti | 39 +- ...generic.Instantiations.Neon.Ml_dsa_87_.fst | 48 +- ...eneric.Instantiations.Neon.Ml_dsa_87_.fsti | 39 +- ...ric.Instantiations.Portable.Ml_dsa_44_.fst | 48 +- ...ic.Instantiations.Portable.Ml_dsa_44_.fsti | 39 +- ...ric.Instantiations.Portable.Ml_dsa_65_.fst | 48 +- ...ic.Instantiations.Portable.Ml_dsa_65_.fsti | 39 +- ...ric.Instantiations.Portable.Ml_dsa_87_.fst | 48 +- ...ic.Instantiations.Portable.Ml_dsa_87_.fsti | 39 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst | 525 +++++---- ...crux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti | 42 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst | 525 +++++---- ...crux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti 
| 42 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst | 525 +++++---- ...crux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti | 42 +- ...Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst | 66 +- ...l_dsa_generic.Multiplexing.Ml_dsa_44_.fsti | 30 +- ...Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst | 66 +- ...l_dsa_generic.Multiplexing.Ml_dsa_65_.fsti | 30 +- ...Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst | 66 +- ...l_dsa_generic.Multiplexing.Ml_dsa_87_.fsti | 30 +- .../Libcrux_ml_dsa.Ml_dsa_generic.fst | 17 +- .../Libcrux_ml_dsa.Ml_dsa_generic.fsti | 4 +- .../fstar/extraction/Libcrux_ml_dsa.Ntt.fst | 4 +- .../extraction/Libcrux_ml_dsa.Polynomial.fst | 35 +- .../extraction/Libcrux_ml_dsa.Polynomial.fsti | 4 +- .../extraction/Libcrux_ml_dsa.Pre_hash.fst | 11 +- .../extraction/Libcrux_ml_dsa.Pre_hash.fsti | 25 +- .../extraction/Libcrux_ml_dsa.Sample.fst | 683 ++++++----- .../extraction/Libcrux_ml_dsa.Sample.fsti | 45 +- .../extraction/Libcrux_ml_dsa.Samplex4.fst | 106 +- .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst | 82 +- ...x_ml_dsa.Simd.Avx2.Encoding.Commitment.fst | 104 +- ...ibcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst | 147 ++- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti | 10 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst | 143 ++- ...crux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti | 12 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst | 79 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst | 87 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fst | 615 ++++++---- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti | 80 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fst | 720 +++++++----- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti | 60 +- ...md.Avx2.Rejection_sample.Less_than_eta.fst | 34 +- ...jection_sample.Less_than_field_modulus.fst | 51 +- ...ection_sample.Less_than_field_modulus.fsti | 3 +- ...md.Avx2.Rejection_sample.Shuffle_table.fst | 84 +- ...d.Avx2.Rejection_sample.Shuffle_table.fsti | 72 +- 
.../extraction/Libcrux_ml_dsa.Simd.Avx2.fst | 24 +- ...ibcrux_ml_dsa.Simd.Portable.Arithmetic.fst | 100 +- ...bcrux_ml_dsa.Simd.Portable.Arithmetic.fsti | 2 +- ..._dsa.Simd.Portable.Encoding.Commitment.fst | 34 +- ...ux_ml_dsa.Simd.Portable.Encoding.Error.fst | 101 +- ...x_ml_dsa.Simd.Portable.Encoding.Error.fsti | 8 +- ...x_ml_dsa.Simd.Portable.Encoding.Gamma1.fst | 156 +-- ..._ml_dsa.Simd.Portable.Encoding.Gamma1.fsti | 12 +- ...bcrux_ml_dsa.Simd.Portable.Encoding.T0.fst | 197 ++-- ...crux_ml_dsa.Simd.Portable.Encoding.T0.fsti | 3 +- ...bcrux_ml_dsa.Simd.Portable.Encoding.T1.fst | 84 +- .../Libcrux_ml_dsa.Simd.Portable.Invntt.fst | 954 ++++++++------- .../Libcrux_ml_dsa.Simd.Portable.Invntt.fsti | 72 +- .../Libcrux_ml_dsa.Simd.Portable.Ntt.fst | 978 ++++++++++------ .../Libcrux_ml_dsa.Simd.Portable.Ntt.fsti | 80 +- .../Libcrux_ml_dsa.Simd.Portable.Sample.fst | 57 +- ...bcrux_ml_dsa.Simd.Portable.Vector_type.fst | 5 +- ...crux_ml_dsa.Simd.Portable.Vector_type.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Portable.fst | 29 +- .../Libcrux_ml_dsa.Simd.Traits.fsti | 22 +- .../fstar/extraction/Libcrux_ml_dsa.Types.fst | 18 +- .../Libcrux_ml_kem.Constant_time_ops.fst | 27 +- .../Libcrux_ml_kem.Constant_time_ops.fsti | 12 +- .../extraction/Libcrux_ml_kem.Constants.fsti | 16 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fst | 16 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 16 +- .../Libcrux_ml_kem.Hash_functions.Neon.fst | 16 +- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 16 +- ...Libcrux_ml_kem.Hash_functions.Portable.fst | 16 +- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 16 +- .../Libcrux_ml_kem.Hash_functions.fsti | 35 +- ...m.Ind_cca.Instantiations.Avx2.Unpacked.fst | 8 +- ....Ind_cca.Instantiations.Avx2.Unpacked.fsti | 18 +- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 8 +- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 18 +- ...m.Ind_cca.Instantiations.Neon.Unpacked.fst | 4 +- ....Ind_cca.Instantiations.Neon.Unpacked.fsti | 9 +- 
...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 4 +- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 9 +- ...d_cca.Instantiations.Portable.Unpacked.fst | 4 +- ..._cca.Instantiations.Portable.Unpacked.fsti | 9 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 4 +- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 9 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 4 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 9 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 56 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 17 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 54 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 15 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fst | 2 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 95 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 18 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 50 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 34 +- .../extraction/Libcrux_ml_kem.Matrix.fsti | 2 +- ...Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 145 +-- ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 60 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 24 +- ...Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 145 +-- ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 60 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 24 +- ...rux_ml_kem.Mlkem1024.Portable.Unpacked.fst | 145 +-- ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 60 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 24 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fst | 24 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fsti | 8 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 60 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 57 +- .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst | 144 +-- ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 60 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 24 +- 
.../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst | 144 +-- ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 60 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 24 +- ...crux_ml_kem.Mlkem512.Portable.Unpacked.fst | 145 +-- ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 64 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 60 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 24 +- .../Libcrux_ml_kem.Mlkem512.Rand.fst | 26 +- .../Libcrux_ml_kem.Mlkem512.Rand.fsti | 8 +- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 60 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 57 +- .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst | 157 +-- ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 70 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 60 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 24 +- .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst | 157 +-- ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 70 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 60 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 24 +- ...crux_ml_kem.Mlkem768.Portable.Unpacked.fst | 157 +-- ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 70 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 60 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 24 +- .../Libcrux_ml_kem.Mlkem768.Rand.fst | 24 +- .../Libcrux_ml_kem.Mlkem768.Rand.fsti | 8 +- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 60 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 57 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 93 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 55 +- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 43 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 203 ++-- .../extraction/Libcrux_ml_kem.Sampling.fsti | 16 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 160 +-- .../extraction/Libcrux_ml_kem.Serialize.fsti | 25 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 6 +- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 44 +- .../extraction/Libcrux_ml_kem.Utils.fsti | 9 +- .../extraction/Libcrux_ml_kem.Variant.fst | 30 +- 
.../extraction/Libcrux_ml_kem.Variant.fsti | 18 +- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 12 +- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 4 +- .../Libcrux_ml_kem.Vector.Avx2.Compress.fst | 47 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 72 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 23 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fsti | 4 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 361 +++--- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 24 +- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 43 +- .../Libcrux_ml_kem.Vector.Avx2.fsti | 28 +- .../Libcrux_ml_kem.Vector.Neon.Arithmetic.fst | 12 +- ...Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti | 2 +- .../Libcrux_ml_kem.Vector.Neon.Compress.fst | 43 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 17 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 236 ++-- .../Libcrux_ml_kem.Vector.Neon.Serialize.fsti | 12 +- ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 32 +- ...ibcrux_ml_kem.Vector.Neon.Vector_type.fsti | 4 +- .../extraction/Libcrux_ml_kem.Vector.Neon.fst | 64 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 29 +- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 10 +- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 26 +- ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 17 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 140 +-- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 30 +- ...bcrux_ml_kem.Vector.Portable.Sampling.fsti | 4 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 485 ++++---- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 44 +- ...rux_ml_kem.Vector.Portable.Vector_type.fst | 10 +- ...ux_ml_kem.Vector.Portable.Vector_type.fsti | 8 +- .../Libcrux_ml_kem.Vector.Portable.fst | 48 +- .../Libcrux_ml_kem.Vector.Portable.fsti | 32 +- ...ibcrux_ml_kem.Vector.Rej_sample_table.fsti | 1038 +++++++++-------- .../Libcrux_ml_kem.Vector.Traits.fst | 4 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 64 +- 264 files changed, 10328 insertions(+), 8531 
deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index fa691e890..611d1d272 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -300,7 +300,7 @@ let mm256_xor_si256 = mm256_xor_si256' assume val mm256_srai_epi16': v_SHIFT_BY: i32 -> vector: t_Vec256 -> Prims.Pure t_Vec256 - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:t_Vec256 = result in diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 8d8327a3c..9252b7f24 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -233,7 +233,7 @@ val mm256_xor_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:t_Vec256 = result in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst index c9d13fb76..7f5e53e48 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst 
@@ -50,7 +50,7 @@ let shift_left_then_reduce (re: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (re.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -77,7 +77,7 @@ let shift_left_then_reduce <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -93,7 +93,7 @@ let power2round_vector = let t, t1:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) t <: usize) @@ -114,7 +114,7 @@ let power2round_vector temp_0_ in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit ((t.[ i ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -162,7 +162,7 @@ let power2round_vector j tmp0 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -181,7 +181,7 @@ let power2round_vector j tmp1 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
@@ -210,7 +210,7 @@ let decompose_vector = let high, low:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) dimension (fun temp_0_ temp_1_ -> let high, low:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & @@ -229,9 +229,9 @@ let decompose_vector temp_0_ in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit - ((low.[ sz 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) + ((low.[ mk_usize 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun temp_0_ temp_1_ -> @@ -284,7 +284,7 @@ let decompose_vector j tmp0 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -303,7 +303,7 @@ let decompose_vector j tmp1 <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
@@ -328,21 +328,21 @@ let make_hint Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (low high: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) = - let true_hints:usize = sz 0 in + let true_hints:usize = mk_usize 0 in let hint_simd:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () in - let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (sz 256)) & + let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) low <: usize) (fun temp_0_ temp_1_ -> - let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (sz 256)) & + let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = temp_0_ @@ -351,11 +351,11 @@ let make_hint true) (hint, hint_simd, true_hints <: - (t_Slice (t_Array i32 (sz 256)) & + (t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) (fun temp_0_ i -> - let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (sz 256)) & + let hint, hint_simd, true_hints:(t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = temp_0_ @@ -363,7 +363,7 @@ let make_hint let i:usize = i in let hint_simd, true_hints:(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (hint_simd.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -419,21 +419,21 @@ let make_hint <: (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) in - let hint:t_Slice (t_Array i32 (sz 256)) = + let hint:t_Slice (t_Array i32 (mk_usize 256)) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint i (Libcrux_ml_dsa.Polynomial.impl__to_i32_array #v_SIMDUnit hint_simd <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) in hint, hint_simd, true_hints <: - (t_Slice (t_Array i32 (sz 256)) & + (t_Slice (t_Array i32 (mk_usize 256)) & Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit & usize)) in let hax_temp_output:usize = true_hints in - hint, hax_temp_output <: (t_Slice (t_Array i32 (sz 256)) & usize) + hint, hax_temp_output <: (t_Slice (t_Array i32 (mk_usize 256)) & usize) let use_hint (#v_SIMDUnit: Type0) @@ -441,11 +441,11 @@ let use_hint i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (re_vector: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let re_vector:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) re_vector <: @@ -471,10 +471,11 @@ let use_hint tmp in let tmp:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit - ((re_vector.[ sz 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit - ) + ((re_vector.[ mk_usize 0 ]).Libcrux_ml_dsa.Polynomial.f_simd_units + <: + t_Slice v_SIMDUnit) <: usize) (fun tmp temp_1_ -> 
@@ -505,7 +506,7 @@ let use_hint <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti index 281aae3d4..b3a6bbd17 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti @@ -52,14 +52,14 @@ val make_hint {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (low high: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) - : Prims.Pure (t_Slice (t_Array i32 (sz 256)) & usize) Prims.l_True (fun _ -> Prims.l_True) + (hint: t_Slice (t_Array i32 (mk_usize 256))) + : Prims.Pure (t_Slice (t_Array i32 (mk_usize 256)) & usize) Prims.l_True (fun _ -> Prims.l_True) val use_hint (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (gamma2: i32) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (re_vector: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) : Prims.Pure (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti index 21cc9d4b9..60a90b104 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_44_.fsti 
@@ -3,25 +3,25 @@ module Libcrux_ml_dsa.Constants.Ml_dsa_44_ open Core open FStar.Mul -let v_ROWS_IN_A: usize = sz 4 +let v_ROWS_IN_A: usize = mk_usize 4 -let v_COLUMNS_IN_A: usize = sz 4 +let v_COLUMNS_IN_A: usize = mk_usize 4 let v_ETA: Libcrux_ml_dsa.Constants.t_Eta = Libcrux_ml_dsa.Constants.Eta_Two <: Libcrux_ml_dsa.Constants.t_Eta -let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 3 +let v_BITS_PER_ERROR_COEFFICIENT: usize = mk_usize 3 -let v_GAMMA1_EXPONENT: usize = sz 17 +let v_GAMMA1_EXPONENT: usize = mk_usize 17 -let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 88l +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 88 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 18 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = mk_usize 18 -let v_MAX_ONES_IN_HINT: usize = sz 80 +let v_MAX_ONES_IN_HINT: usize = mk_usize 80 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 39 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = mk_usize 39 -let v_COMMITMENT_HASH_SIZE: usize = sz 32 +let v_COMMITMENT_HASH_SIZE: usize = mk_usize 32 -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 6 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = mk_usize 6 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti index 56d74fb95..05a818d79 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_65_.fsti 
@@ -3,25 +3,25 @@ module Libcrux_ml_dsa.Constants.Ml_dsa_65_ open Core open FStar.Mul -let v_ROWS_IN_A: usize = sz 6 +let v_ROWS_IN_A: usize = mk_usize 6 -let v_COLUMNS_IN_A: usize = sz 5 +let v_COLUMNS_IN_A: usize = mk_usize 5 let v_ETA: Libcrux_ml_dsa.Constants.t_Eta = Libcrux_ml_dsa.Constants.Eta_Four <: Libcrux_ml_dsa.Constants.t_Eta -let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 4 +let v_BITS_PER_ERROR_COEFFICIENT: usize = mk_usize 4 -let v_GAMMA1_EXPONENT: usize = sz 19 +let v_GAMMA1_EXPONENT: usize = mk_usize 19 -let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 32l +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 32 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 20 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = mk_usize 20 -let v_MAX_ONES_IN_HINT: usize = sz 55 +let v_MAX_ONES_IN_HINT: usize = mk_usize 55 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 49 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = mk_usize 49 -let v_COMMITMENT_HASH_SIZE: usize = sz 48 +let v_COMMITMENT_HASH_SIZE: usize = mk_usize 48 -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 4 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = mk_usize 4 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti index af828ef56..f67ee96bd 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.Ml_dsa_87_.fsti 
@@ -3,25 +3,25 @@ module Libcrux_ml_dsa.Constants.Ml_dsa_87_ open Core open FStar.Mul -let v_ROWS_IN_A: usize = sz 8 +let v_ROWS_IN_A: usize = mk_usize 8 -let v_COLUMNS_IN_A: usize = sz 7 +let v_COLUMNS_IN_A: usize = mk_usize 7 let v_ETA: Libcrux_ml_dsa.Constants.t_Eta = Libcrux_ml_dsa.Constants.Eta_Two <: Libcrux_ml_dsa.Constants.t_Eta -let v_BITS_PER_ERROR_COEFFICIENT: usize = sz 3 +let v_BITS_PER_ERROR_COEFFICIENT: usize = mk_usize 3 -let v_GAMMA1_EXPONENT: usize = sz 19 +let v_GAMMA1_EXPONENT: usize = mk_usize 19 -let v_BITS_PER_GAMMA1_COEFFICIENT: usize = sz 20 +let v_BITS_PER_GAMMA1_COEFFICIENT: usize = mk_usize 20 -let v_MAX_ONES_IN_HINT: usize = sz 75 +let v_MAX_ONES_IN_HINT: usize = mk_usize 75 -let v_ONES_IN_VERIFIER_CHALLENGE: usize = sz 60 +let v_ONES_IN_VERIFIER_CHALLENGE: usize = mk_usize 60 -let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! 1l <: i32) /! 32l +let v_GAMMA2: i32 = (Libcrux_ml_dsa.Constants.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 32 -let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = sz 4 +let v_BITS_PER_COMMITMENT_COEFFICIENT: usize = mk_usize 4 -let v_COMMITMENT_HASH_SIZE: usize = sz 64 +let v_COMMITMENT_HASH_SIZE: usize = mk_usize 64 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst index 42a5aa808..afd911f5b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst 
@@ -23,19 +23,19 @@ let impl_1 = impl_1' let beta (ones_in_verifier_challenge: usize) (eta: t_Eta) = let (eta_val: usize):usize = match eta <: t_Eta with - | Eta_Two -> sz 2 - | Eta_Four -> sz 4 + | Eta_Two -> mk_usize 2 + | Eta_Four -> mk_usize 4 in cast (ones_in_verifier_challenge *! eta_val <: usize) <: i32 let error_ring_element_size (bits_per_error_coefficient: usize) = - (bits_per_error_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (bits_per_error_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let gamma1_ring_element_size (bits_per_gamma1_coefficient: usize) = - (bits_per_gamma1_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (bits_per_gamma1_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let commitment_ring_element_size (bits_per_commitment_coefficient: usize) = - (bits_per_commitment_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (bits_per_commitment_coefficient *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let commitment_vector_size (bits_per_commitment_coefficient rows_in_a: usize) = (commitment_ring_element_size bits_per_commitment_coefficient <: usize) *! rows_in_a @@ -55,7 +55,7 @@ let verification_key_size (rows_in_a: usize) = (v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH -! v_BITS_IN_LOWER_PART_OF_T <: usize) <: usize) /! - sz 8 + mk_usize 8 <: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti index 294c55f78..ecad79cfa 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti 
@@ -3,54 +3,54 @@ module Libcrux_ml_dsa.Constants open Core open FStar.Mul -let v_FIELD_MODULUS: i32 = 8380417l +let v_FIELD_MODULUS: i32 = mk_i32 8380417 -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = mk_usize 256 -let v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = sz 23 +let v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH: usize = mk_usize 23 -let v_BITS_IN_LOWER_PART_OF_T: usize = sz 13 +let v_BITS_IN_LOWER_PART_OF_T: usize = mk_usize 13 let v_RING_ELEMENT_OF_T0S_SIZE: usize = - (v_BITS_IN_LOWER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (v_BITS_IN_LOWER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 let v_BITS_IN_UPPER_PART_OF_T: usize = v_FIELD_MODULUS_MINUS_ONE_BIT_LENGTH -! v_BITS_IN_LOWER_PART_OF_T let v_RING_ELEMENT_OF_T1S_SIZE: usize = - (v_BITS_IN_UPPER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! sz 8 + (v_BITS_IN_UPPER_PART_OF_T *! v_COEFFICIENTS_IN_RING_ELEMENT <: usize) /! mk_usize 8 -let v_SEED_FOR_A_SIZE: usize = sz 32 +let v_SEED_FOR_A_SIZE: usize = mk_usize 32 -let v_SEED_FOR_ERROR_VECTORS_SIZE: usize = sz 64 +let v_SEED_FOR_ERROR_VECTORS_SIZE: usize = mk_usize 64 -let v_BYTES_FOR_VERIFICATION_KEY_HASH: usize = sz 64 +let v_BYTES_FOR_VERIFICATION_KEY_HASH: usize = mk_usize 64 -let v_SEED_FOR_SIGNING_SIZE: usize = sz 32 +let v_SEED_FOR_SIGNING_SIZE: usize = mk_usize 32 /// Number of bytes of entropy required for key generation. -let v_KEY_GENERATION_RANDOMNESS_SIZE: usize = sz 32 +let v_KEY_GENERATION_RANDOMNESS_SIZE: usize = mk_usize 32 /// Number of bytes of entropy required for signing. 
-let v_SIGNING_RANDOMNESS_SIZE: usize = sz 32 +let v_SIGNING_RANDOMNESS_SIZE: usize = mk_usize 32 -let v_MESSAGE_REPRESENTATIVE_SIZE: usize = sz 64 +let v_MESSAGE_REPRESENTATIVE_SIZE: usize = mk_usize 64 -let v_MASK_SEED_SIZE: usize = sz 64 +let v_MASK_SEED_SIZE: usize = mk_usize 64 -let v_REJECTION_SAMPLE_BOUND_SIGN: usize = sz 814 +let v_REJECTION_SAMPLE_BOUND_SIGN: usize = mk_usize 814 /// The length of `context` is serialized to a single `u8`. -let v_CONTEXT_MAX_LEN: usize = sz 255 +let v_CONTEXT_MAX_LEN: usize = mk_usize 255 /// Eta values type t_Eta = | Eta_Two : t_Eta | Eta_Four : t_Eta -let discriminant_Eta_Two: isize = isz 2 +let discriminant_Eta_Two: isize = mk_isize 2 -let discriminant_Eta_Four: isize = isz 4 +let discriminant_Eta_Four: isize = mk_isize 4 val t_Eta_cast_to_repr (x: t_Eta) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) @@ -60,9 +60,9 @@ val impl:Core.Clone.t_Clone t_Eta [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_1:Core.Marker.t_Copy t_Eta -let v_GAMMA2_V261_888_: i32 = 261888l +let v_GAMMA2_V261_888_: i32 = mk_i32 261888 -let v_GAMMA2_V95_232_: i32 = 95232l +let v_GAMMA2_V95_232_: i32 = mk_i32 95232 val beta (ones_in_verifier_challenge: usize) (eta: t_Eta) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst index a459d9535..c803ab1ba 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Commitment.fst 
@@ -18,7 +18,7 @@ let serialize (serialized: t_Slice u8) = let output_bytes_per_simd_unit:usize = - (Core.Slice.impl__len #u8 serialized <: usize) /! (sz 8 *! sz 4 <: usize) + (Core.Slice.impl__len #u8 serialized <: usize) /! (mk_usize 8 *! mk_usize 4 <: usize) in let serialized:t_Slice u8 = Rust_primitives.Hax.Folds.fold_enumerated_slice (re.Libcrux_ml_dsa.Polynomial.f_simd_units @@ -35,7 +35,9 @@ let serialize Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize) @@ -46,7 +48,7 @@ let serialize Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize ] @@ -68,7 +70,7 @@ let serialize_vector (vector: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (serialized: t_Slice u8) = - let (offset: usize):usize = sz 0 in + let (offset: usize):usize = mk_usize 0 in let offset, serialized:(usize & t_Slice u8) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst index 8f33d3386..83ce8e0c7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Error.fst 
@@ -11,8 +11,8 @@ let _ = let chunk_size (eta: Libcrux_ml_dsa.Constants.t_Eta) = match eta <: Libcrux_ml_dsa.Constants.t_Eta with - | Libcrux_ml_dsa.Constants.Eta_Two -> sz 3 - | Libcrux_ml_dsa.Constants.Eta_Four -> sz 4 + | Libcrux_ml_dsa.Constants.Eta_Two -> mk_usize 3 + | Libcrux_ml_dsa.Constants.Eta_Four -> mk_usize 4 let serialize (#v_SIMDUnit: Type0) @@ -39,7 +39,9 @@ let serialize Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize) @@ -51,7 +53,7 @@ let serialize Core.Ops.Range.f_start = i *! output_bytes_per_simd_unit <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! output_bytes_per_simd_unit <: usize + (i +! mk_usize 1 <: usize) *! output_bytes_per_simd_unit <: usize } <: Core.Ops.Range.t_Range usize ] @@ -75,7 +77,7 @@ let deserialize = let chunk_size:usize = chunk_size eta in let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -100,7 +102,7 @@ let deserialize eta (serialized.[ { Core.Ops.Range.f_start = i *! chunk_size <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! chunk_size <: usize + Core.Ops.Range.f_end = (i +! mk_usize 1 <: usize) *! chunk_size <: usize } <: Core.Ops.Range.t_Range usize ] @@ -110,7 +112,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst index 979cd689c..e716c6a97 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Gamma1.fst @@ -32,10 +32,10 @@ let serialize let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = i *! (gamma1_exponent +! sz 1 <: usize) <: usize; + Core.Ops.Range.f_start = i *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (gamma1_exponent +! sz 1 <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize } <: Core.Ops.Range.t_Range usize) @@ -43,10 +43,14 @@ let serialize #FStar.Tactics.Typeclasses.solve simd_unit (serialized.[ { - Core.Ops.Range.f_start = i *! (gamma1_exponent +! sz 1 <: usize) <: usize; + Core.Ops.Range.f_start + = + i *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (gamma1_exponent +! sz 1 <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (gamma1_exponent +! mk_usize 1 <: usize) + <: + usize } <: Core.Ops.Range.t_Range usize ] @@ -71,7 +75,7 @@ let deserialize (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: 
@@ -94,10 +98,14 @@ let deserialize (Libcrux_ml_dsa.Simd.Traits.f_gamma1_deserialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve (serialized.[ { - Core.Ops.Range.f_start = i *! (gamma1_exponent +! sz 1 <: usize) <: usize; + Core.Ops.Range.f_start + = + i *! (gamma1_exponent +! mk_usize 1 <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (gamma1_exponent +! sz 1 <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (gamma1_exponent +! mk_usize 1 <: usize) + <: + usize } <: Core.Ops.Range.t_Range usize ] @@ -108,7 +116,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst index e30292f5b..16ed17d93 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fst @@ -16,12 +16,12 @@ let serialize Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (commitment_hash: t_Slice u8) (signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (commitment_hash_size columns_in_a rows_in_a gamma1_exponent gamma1_ring_element_size max_ones_in_hint: usize) (signature: t_Slice u8) = - let offset:usize = sz 0 in + let offset:usize = mk_usize 0 in let signature:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range signature ({ @@ -45,7 +45,7 @@ let serialize in let offset:usize = offset +! commitment_hash_size in let offset, signature:(usize & t_Slice u8) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun temp_0_ temp_1_ -> let offset, signature:(usize & t_Slice u8) = temp_0_ in 
@@ -82,9 +82,9 @@ let serialize let offset:usize = offset +! gamma1_ring_element_size in offset, signature <: (usize & t_Slice u8)) in - let true_hints_seen:usize = sz 0 in + let true_hints_seen:usize = mk_usize 0 in let signature, true_hints_seen:(t_Slice u8 & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun temp_0_ temp_1_ -> let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in @@ -95,7 +95,7 @@ let serialize let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in let i:usize = i in let signature, true_hints_seen:(t_Slice u8 & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (hint.[ i ] <: t_Slice i32) <: usize) (fun temp_0_ temp_1_ -> let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in @@ -105,14 +105,14 @@ let serialize (fun temp_0_ j -> let signature, true_hints_seen:(t_Slice u8 & usize) = temp_0_ in let j:usize = j in - if ((hint.[ i ] <: t_Array i32 (sz 256)).[ j ] <: i32) =. 1l <: bool + if ((hint.[ i ] <: t_Array i32 (mk_usize 256)).[ j ] <: i32) =. mk_i32 1 <: bool then let signature:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize signature (offset +! true_hints_seen <: usize) (cast (j <: usize) <: u8) in - let true_hints_seen:usize = true_hints_seen +! sz 1 in + let true_hints_seen:usize = true_hints_seen +! mk_usize 1 in signature, true_hints_seen <: (t_Slice u8 & usize) else signature, true_hints_seen <: (t_Slice u8 & usize)) in 
@@ -125,17 +125,17 @@ let serialize in signature -let set_hint (out_hint: t_Slice (t_Array i32 (sz 256))) (i j: usize) = - let out_hint:t_Slice (t_Array i32 (sz 256)) = +let set_hint (out_hint: t_Slice (t_Array i32 (mk_usize 256))) (i j: usize) = + let out_hint:t_Slice (t_Array i32 (mk_usize 256)) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out_hint i (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (out_hint.[ i ] <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) j - 1l + (mk_i32 1) <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) in out_hint @@ -148,7 +148,7 @@ let deserialize usize) (serialized out_commitment_hash: t_Slice u8) (out_signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (out_hint: t_Slice (t_Array i32 (sz 256))) + (out_hint: t_Slice (t_Array i32 (mk_usize 256))) = let _:Prims.unit = if true @@ -163,12 +163,12 @@ let deserialize in let out_commitment_hash:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out_commitment_hash - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = commitment_hash_size } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = commitment_hash_size } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out_commitment_hash.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = commitment_hash_size } <: @@ -185,7 +185,7 @@ let deserialize (gamma1_ring_element_size *! columns_in_a <: usize) in let out_signer_response:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun out_signer_response temp_1_ -> let out_signer_response:t_Slice 
@@ -209,7 +209,7 @@ let deserialize Core.Ops.Range.f_start = i *! gamma1_ring_element_size <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! gamma1_ring_element_size <: usize + (i +! mk_usize 1 <: usize) *! gamma1_ring_element_size <: usize } <: Core.Ops.Range.t_Range usize ] @@ -223,19 +223,19 @@ let deserialize <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let previous_true_hints_seen:usize = sz 0 in + let previous_true_hints_seen:usize = mk_usize 0 in match - Rust_primitives.Hax.Folds.fold_range_return (sz 0) + Rust_primitives.Hax.Folds.fold_range_return (mk_usize 0) rows_in_a (fun temp_0_ temp_1_ -> - let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (sz 256)) & usize) = + let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (mk_usize 256)) & usize) = temp_0_ in let _:usize = temp_1_ in true) - (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (sz 256)) & usize)) + (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (mk_usize 256)) & usize)) (fun temp_0_ i -> - let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (sz 256)) & usize) = + let out_hint, previous_true_hints_seen:(t_Slice (t_Array i32 (mk_usize 256)) & usize) = temp_0_ in let i:usize = i in 
@@ -259,39 +259,39 @@ let deserialize Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError)) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) - (t_Slice (t_Array i32 (sz 256)) & usize) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) + (t_Slice (t_Array i32 (mk_usize 256)) & usize) else match Rust_primitives.Hax.Folds.fold_range_return previous_true_hints_seen current_true_hints_seen (fun out_hint temp_1_ -> - let out_hint:t_Slice (t_Array i32 (sz 256)) = out_hint in + let out_hint:t_Slice (t_Array i32 (mk_usize 256)) = out_hint in let _:usize = temp_1_ in true) out_hint (fun out_hint j -> - let out_hint:t_Slice (t_Array i32 (sz 256)) = out_hint in + let out_hint:t_Slice (t_Array i32 (mk_usize 256)) = out_hint in let j:usize = j in if (j >. previous_true_hints_seen <: bool) && ((hint_serialized.[ j ] <: u8) <=. - (hint_serialized.[ j -! sz 1 <: usize ] <: u8) + (hint_serialized.[ j -! mk_usize 1 <: usize ] <: u8) <: bool) then 
@@ -310,47 +310,47 @@ let deserialize <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError )) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError - ) (Prims.unit & t_Slice (t_Array i32 (sz 256)))) + ) (Prims.unit & t_Slice (t_Array i32 (mk_usize 256)))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & t_Slice (t_Array i32 (sz 256)))) - (t_Slice (t_Array i32 (sz 256))) + (Prims.unit & t_Slice (t_Array i32 (mk_usize 256)))) + (t_Slice (t_Array i32 (mk_usize 256))) else Core.Ops.Control_flow.ControlFlow_Continue (set_hint out_hint i (cast (hint_serialized.[ j ] <: u8) <: usize) <: - t_Slice (t_Array i32 (sz 256))) + t_Slice (t_Array i32 (mk_usize 256))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & t_Slice (t_Array i32 (sz 256)))) - (t_Slice (t_Array i32 (sz 256)))) + (Prims.unit & t_Slice (t_Array i32 (mk_usize 256)))) + (t_Slice (t_Array i32 (mk_usize 256)))) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 
256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (t_Slice (t_Array i32 (sz 256))) + (t_Slice (t_Array i32 (mk_usize 256))) with | Core.Ops.Control_flow.ControlFlow_Break ret -> Core.Ops.Control_flow.ControlFlow_Break 
@@ -359,37 +359,37 @@ let deserialize Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) - (t_Slice (t_Array i32 (sz 256)) & usize) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) + (t_Slice (t_Array i32 (mk_usize 256)) & usize) | Core.Ops.Control_flow.ControlFlow_Continue out_hint -> let previous_true_hints_seen:usize = current_true_hints_seen in Core.Ops.Control_flow.ControlFlow_Continue - (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (sz 256)) & usize)) + (out_hint, previous_true_hints_seen <: (t_Slice (t_Array i32 (mk_usize 256)) & usize)) <: Core.Ops.Control_flow.t_ControlFlow (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (Prims.unit & (t_Slice (t_Array i32 (sz 256)) & usize))) - (t_Slice (t_Array i32 (sz 256)) & usize)) + (Prims.unit & (t_Slice (t_Array i32 (mk_usize 256)) & usize))) + (t_Slice (t_Array i32 (mk_usize 256)) & usize)) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + 
t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) - (t_Slice (t_Array i32 (sz 256)) & usize) + (t_Slice (t_Array i32 (mk_usize 256)) & usize) with | Core.Ops.Control_flow.ControlFlow_Break ret -> ret | Core.Ops.Control_flow.ControlFlow_Continue (out_hint, previous_true_hints_seen) -> @@ -404,7 +404,7 @@ let deserialize (fun temp_0_ j -> let _:Prims.unit = temp_0_ in let j:usize = j in - if (hint_serialized.[ j ] <: u8) <>. 0uy <: bool + if (hint_serialized.[ j ] <: u8) <>. mk_u8 0 <: bool then Core.Ops.Control_flow.ControlFlow_Break (Core.Ops.Control_flow.ControlFlow_Break @@ -420,13 +420,13 @@ let deserialize <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError)) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) (Prims.unit & Prims.unit)) <: @@ -434,7 +434,7 @@ let deserialize (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) (Prims.unit & Prims.unit)) Prims.unit else 
@@ -444,13 +444,13 @@ let deserialize (Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) (Prims.unit & Prims.unit)) Prims.unit) <: Core.Ops.Control_flow.t_ControlFlow (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.unit with | Core.Ops.Control_flow.ControlFlow_Break ret -> ret @@ -463,5 +463,5 @@ let deserialize out_commitment_hash, out_signer_response, out_hint, hax_temp_output <: (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti index 0f71e5a8e..0ff4c4a78 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signature.fsti 
@@ -14,14 +14,14 @@ val serialize {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (commitment_hash: t_Slice u8) (signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint: t_Slice (t_Array i32 (sz 256))) + (hint: t_Slice (t_Array i32 (mk_usize 256))) (commitment_hash_size columns_in_a rows_in_a gamma1_exponent gamma1_ring_element_size max_ones_in_hint: usize) (signature: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val set_hint (out_hint: t_Slice (t_Array i32 (sz 256))) (i j: usize) - : Prims.Pure (t_Slice (t_Array i32 (sz 256))) Prims.l_True (fun _ -> Prims.l_True) +val set_hint (out_hint: t_Slice (t_Array i32 (mk_usize 256))) (i j: usize) + : Prims.Pure (t_Slice (t_Array i32 (mk_usize 256))) Prims.l_True (fun _ -> Prims.l_True) val deserialize (#v_SIMDUnit: Type0) @@ -30,10 +30,10 @@ val deserialize usize) (serialized out_commitment_hash: t_Slice u8) (out_signer_response: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (out_hint: t_Slice (t_Array i32 (sz 256))) + (out_hint: t_Slice (t_Array i32 (mk_usize 256))) : Prims.Pure (t_Slice u8 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Slice (t_Array i32 (sz 256)) & + t_Slice (t_Array i32 (mk_usize 256)) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst index d218cb62f..88abf1395 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Signing_key.fst 
@@ -24,7 +24,7 @@ let generate_serialized (s1_2_ t0: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) (signing_key_serialized: t_Slice u8) = - let offset:usize = sz 0 in + let offset:usize = mk_usize 0 in let signing_key_serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range signing_key_serialized ({ @@ -71,11 +71,13 @@ let generate_serialized t_Slice u8) in let offset:usize = offset +! Libcrux_ml_dsa.Constants.v_SEED_FOR_SIGNING_SIZE in - let verification_key_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let verification_key_hash:t_Array u8 (sz 64) = + let verification_key_hash:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let verification_key_hash:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (sz 64) + (mk_usize 64) verification_key verification_key_hash in @@ -106,7 +108,7 @@ let generate_serialized in let offset:usize = offset +! Libcrux_ml_dsa.Constants.v_BYTES_FOR_VERIFICATION_KEY_HASH in let offset, signing_key_serialized:(usize & t_Slice u8) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_2_ <: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst index de9f50064..095a858f0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fst 
@@ -32,7 +32,9 @@ let serialize Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize) @@ -43,7 +45,7 @@ let serialize Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] @@ -65,7 +67,7 @@ let deserialize (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -91,7 +93,7 @@ let deserialize Core.Ops.Range.f_start = i *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] @@ -101,7 +103,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti index fe66090f9..5ffa78960 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T0.fsti 
@@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let v_OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 13 +let v_OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 13 val serialize (#v_SIMDUnit: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst index be43c8a94..e157d9c43 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst @@ -34,7 +34,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize) @@ -45,7 +45,7 @@ let serialize Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize + (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ] @@ -67,7 +67,7 @@ let deserialize (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (result.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -91,7 +91,9 @@ let deserialize #FStar.Tactics.Typeclasses.solve (serialized.[ { Core.Ops.Range.f_start = i *! deserialize__WINDOW <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! deserialize__WINDOW <: usize + Core.Ops.Range.f_end + = + (i +! mk_usize 1 <: usize) *! deserialize__WINDOW <: usize } <: Core.Ops.Range.t_Range usize ] 
@@ -101,7 +103,7 @@ let deserialize <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti index 94a093522..a7147ff3b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti @@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = sz 10 +let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 10 val serialize (#v_SIMDUnit: Type0) @@ -18,7 +18,7 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize__WINDOW: usize = sz 10 +let deserialize__WINDOW: usize = mk_usize 10 val deserialize (#v_SIMDUnit: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst index ac1140b5d..ce33d412a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.Verification_key.fst @@ -21,14 +21,14 @@ let generate_serialized let verification_key_serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range verification_key_serialized ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (verification_key_serialized.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE } <: 
@@ -106,7 +106,7 @@ let deserialize () in let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun t1 temp_1_ -> let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = t1 in @@ -125,7 +125,8 @@ let deserialize i *! Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE + (i +! mk_usize 1 <: usize) *! + Libcrux_ml_dsa.Constants.v_RING_ELEMENT_OF_T1S_SIZE <: usize } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst index 50757003f..cba3f4354 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fst @@ -21,13 +21,14 @@ let init_absorb = init_absorb' assume val squeeze_first_five_blocks': state: t_Shake128x4 -> - out0: t_Array u8 (sz 840) -> - out1: t_Array u8 (sz 840) -> - out2: t_Array u8 (sz 840) -> - out3: t_Array u8 (sz 840) + out0: t_Array u8 (mk_usize 840) -> + out1: t_Array u8 (mk_usize 840) -> + out2: t_Array u8 (mk_usize 840) -> + out3: t_Array u8 (mk_usize 840) -> Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_five_blocks = squeeze_first_five_blocks' 
@@ -35,9 +36,8 @@ assume val squeeze_next_block': state: t_Shake128x4 -> Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block = squeeze_next_block' @@ -66,9 +66,8 @@ assume val squeeze_first_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_x4 = squeeze_first_block_x4' @@ -76,9 +75,8 @@ assume val squeeze_next_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_x4 = squeeze_next_block_x4' diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti index 27c84e31f..86f08f6f1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Neon.fsti 
@@ -9,17 +9,17 @@ val t_Shake128x4:eqtype val init_absorb (input0 input1 input2 input3: t_Slice u8) : Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True) -val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (sz 840)) +val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (mk_usize 840)) : Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block (state: t_Shake128x4) : Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 
@@ -33,16 +33,14 @@ val init_absorb_x4 (input0 input1 input2 input3: t_Slice u8) val squeeze_first_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) val shake256_x4 (v_OUT_LEN: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst index 41c295b79..c6ed41531 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fst @@ -21,13 +21,14 @@ let init_absorb = init_absorb' assume val squeeze_first_five_blocks': state: t_Shake128X4 -> - out0: t_Array u8 (sz 840) -> - out1: t_Array u8 (sz 840) -> - out2: t_Array u8 (sz 840) -> - out3: t_Array u8 (sz 840) + out0: t_Array u8 (mk_usize 840) -> + out1: t_Array u8 (mk_usize 840) -> + out2: t_Array u8 (mk_usize 840) -> + out3: t_Array u8 (mk_usize 840) -> Prims.Pure - (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128X4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_five_blocks = squeeze_first_five_blocks' 
@@ -35,9 +36,8 @@ assume val squeeze_next_block': state: t_Shake128X4 -> Prims.Pure (t_Shake128X4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block = squeeze_next_block' @@ -83,13 +83,13 @@ let init_absorb_final_shake256 = init_absorb_final_shake256' assume val squeeze_first_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_shake256 = squeeze_first_block_shake256' assume val squeeze_next_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_shake256 = squeeze_next_block_shake256' @@ -118,9 +118,8 @@ assume val squeeze_first_block_x4': state: t_Shake256X4 -> Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_x4 = squeeze_first_block_x4' 
@@ -128,9 +127,8 @@ assume val squeeze_next_block_x4': state: t_Shake256X4 -> Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_x4 = squeeze_next_block_x4' diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti index 226520e52..3d704e225 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Portable.fsti @@ -10,17 +10,17 @@ val t_Shake128X4:eqtype val init_absorb (input0 input1 input2 input3: t_Slice u8) : Prims.Pure t_Shake128X4 Prims.l_True (fun _ -> Prims.l_True) -val squeeze_first_five_blocks (state: t_Shake128X4) (out0 out1 out2 out3: t_Array u8 (sz 840)) +val squeeze_first_five_blocks (state: t_Shake128X4) (out0 out1 out2 out3: t_Array u8 (mk_usize 840)) : Prims.Pure - (t_Shake128X4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128X4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block (state: t_Shake128X4) : Prims.Pure (t_Shake128X4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128X4 
@@ -43,10 +43,10 @@ val init_absorb_final_shake256 (input: t_Slice u8) : Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True) val squeeze_first_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_2:Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256 @@ -61,16 +61,14 @@ val init_absorb_x4 (input0 input1 input2 input3: t_Slice u8) val squeeze_first_block_x4 (state: t_Shake256X4) : Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_x4 (state: t_Shake256X4) : Prims.Pure (t_Shake256X4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_3:Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 t_Shake256X4 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti index bf88da53a..f950c95c0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake128.fsti @@ -3,9 +3,9 @@ module Libcrux_ml_dsa.Hash_functions.Shake128 open Core open FStar.Mul -let v_BLOCK_SIZE: usize = sz 168 +let v_BLOCK_SIZE: usize = mk_usize 168 -let v_FIVE_BLOCKS_SIZE: usize = v_BLOCK_SIZE *! sz 5 +let v_FIVE_BLOCKS_SIZE: usize = v_BLOCK_SIZE *! mk_usize 5 class t_Xof (v_Self: Type0) = { f_shake128_pre:t_Slice u8 -> t_Slice u8 -> Type0; 
@@ -25,41 +25,43 @@ class t_XofX4 (v_Self: Type0) = { (fun result -> f_init_absorb_post x0 x1 x2 x3 result); f_squeeze_first_five_blocks_pre: v_Self -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> Type0; f_squeeze_first_five_blocks_post: v_Self -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - t_Array u8 (sz 840) -> - (v_Self & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + t_Array u8 (mk_usize 840) -> + (v_Self & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) -> Type0; f_squeeze_first_five_blocks: x0: v_Self -> - x1: t_Array u8 (sz 840) -> - x2: t_Array u8 (sz 840) -> - x3: t_Array u8 (sz 840) -> - x4: t_Array u8 (sz 840) + x1: t_Array u8 (mk_usize 840) -> + x2: t_Array u8 (mk_usize 840) -> + x3: t_Array u8 (mk_usize 840) -> + x4: t_Array u8 (mk_usize 840) -> Prims.Pure - (v_Self & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) + (v_Self & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) (f_squeeze_first_five_blocks_pre x0 x1 x2 x3 x4) (fun result -> f_squeeze_first_five_blocks_post x0 x1 x2 x3 x4 result); f_squeeze_next_block_pre:v_Self -> Type0; f_squeeze_next_block_post: v_Self -> (v_Self & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) -> Type0; f_squeeze_next_block:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) + 
(t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) (f_squeeze_next_block_pre x0) (fun result -> f_squeeze_next_block_post x0 result) } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti index 486426747..693bc7259 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Shake256.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Hash_functions.Shake256 open Core open FStar.Mul -let v_BLOCK_SIZE: usize = sz 136 +let v_BLOCK_SIZE: usize = mk_usize 136 /// An ML-DSA specific Xof trait /// This trait is not actually a full Xof implementation but opererates only @@ -27,15 +27,15 @@ class t_DsaXof (v_Self: Type0) = { (f_init_absorb_final_pre x0) (fun result -> f_init_absorb_final_post x0 result); f_squeeze_first_block_pre:v_Self -> Type0; - f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (sz 136)) -> Type0; + f_squeeze_first_block_post:v_Self -> (v_Self & t_Array u8 (mk_usize 136)) -> Type0; f_squeeze_first_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (sz 136)) + -> Prims.Pure (v_Self & t_Array u8 (mk_usize 136)) (f_squeeze_first_block_pre x0) (fun result -> f_squeeze_first_block_post x0 result); f_squeeze_next_block_pre:v_Self -> Type0; - f_squeeze_next_block_post:v_Self -> (v_Self & t_Array u8 (sz 136)) -> Type0; + f_squeeze_next_block_post:v_Self -> (v_Self & t_Array u8 (mk_usize 136)) -> Type0; f_squeeze_next_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array u8 (sz 136)) + -> Prims.Pure (v_Self & t_Array u8 (mk_usize 136)) (f_squeeze_next_block_pre x0) (fun result -> f_squeeze_next_block_post x0 result) } 
@@ -51,24 +51,28 @@ class t_XofX4 (v_Self: Type0) = { f_squeeze_first_block_x4_post: v_Self -> (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) -> Type0; f_squeeze_first_block_x4:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) (f_squeeze_first_block_x4_pre x0) (fun result -> f_squeeze_first_block_x4_post x0 result); f_squeeze_next_block_x4_pre:v_Self -> Type0; f_squeeze_next_block_x4_post: v_Self -> (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) -> Type0; f_squeeze_next_block_x4:x0: v_Self -> Prims.Pure (v_Self & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) (f_squeeze_next_block_x4_pre x0) (fun result -> f_squeeze_next_block_x4_post x0 result); f_shake256_x4_pre: diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst index 2c27cc72d..39a2c87ce 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fst 
@@ -21,13 +21,14 @@ let init_absorb = init_absorb' assume val squeeze_first_five_blocks': state: t_Shake128x4 -> - out0: t_Array u8 (sz 840) -> - out1: t_Array u8 (sz 840) -> - out2: t_Array u8 (sz 840) -> - out3: t_Array u8 (sz 840) + out0: t_Array u8 (mk_usize 840) -> + out1: t_Array u8 (mk_usize 840) -> + out2: t_Array u8 (mk_usize 840) -> + out3: t_Array u8 (mk_usize 840) -> Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_five_blocks = squeeze_first_five_blocks' @@ -35,9 +36,8 @@ assume val squeeze_next_block': state: t_Shake128x4 -> Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block = squeeze_next_block' @@ -66,13 +66,13 @@ let init_absorb_final_shake256 = init_absorb_final_shake256' assume val squeeze_first_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_shake256 = squeeze_first_block_shake256' assume val squeeze_next_block_shake256': state: t_Shake256 - -> Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_shake256 = squeeze_next_block_shake256' 
@@ -101,9 +101,8 @@ assume val squeeze_first_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_first_block_x4 = squeeze_first_block_x4' @@ -111,9 +110,8 @@ assume val squeeze_next_block_x4': state: t_Shake256x4 -> Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) let squeeze_next_block_x4 = squeeze_next_block_x4' diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti index efb4f88de..da0dddccf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Hash_functions.Simd256.fsti 
@@ -12,17 +12,17 @@ val t_Shake128x4:eqtype val init_absorb (input0 input1 input2 input3: t_Slice u8) : Prims.Pure t_Shake128x4 Prims.l_True (fun _ -> Prims.l_True) -val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (sz 840)) +val squeeze_first_five_blocks (state: t_Shake128x4) (out0 out1 out2 out3: t_Array u8 (mk_usize 840)) : Prims.Pure - (t_Shake128x4 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840)) Prims.l_True (fun _ -> Prims.l_True) + (t_Shake128x4 & t_Array u8 (mk_usize 840) & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block (state: t_Shake128x4) : Prims.Pure (t_Shake128x4 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 t_Shake128x4 @@ -37,10 +37,10 @@ val init_absorb_final_shake256 (input: t_Slice u8) : Prims.Pure t_Shake256 Prims.l_True (fun _ -> Prims.l_True) val squeeze_first_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_shake256 (state: t_Shake256) - : Prims.Pure (t_Shake256 & t_Array u8 (sz 136)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Shake256 & t_Array u8 (mk_usize 136)) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_1:Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof t_Shake256 
@@ -54,16 +54,14 @@ val init_absorb_x4 (input0 input1 input2 input3: t_Slice u8) val squeeze_first_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) val squeeze_next_block_x4 (state: t_Shake256x4) : Prims.Pure (t_Shake256x4 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - Prims.l_True - (fun _ -> Prims.l_True) + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) Prims.l_True (fun _ -> Prims.l_True) val shake256_x4 (v_OUT_LEN: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst index 74ad30218..a13f765e1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Matrix.fst @@ -19,7 +19,7 @@ let compute_as1_plus_s2 t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = @@ -33,7 +33,7 @@ let compute_as1_plus_s2 result in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = 
@@ -71,7 +71,7 @@ let compute_as1_plus_s2 t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) result <: usize) @@ -119,7 +119,7 @@ let compute_matrix_x_mask (matrix mask result: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = @@ -134,7 +134,7 @@ let compute_matrix_x_mask in let i:usize = i in let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun result temp_1_ -> let result:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -195,7 +195,7 @@ let vector_times_ring_element (ring_element: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let vector:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) vector <: usize) 
@@ -241,7 +241,7 @@ let add_vectors (lhs rhs: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) dimension (fun lhs temp_1_ -> let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = lhs in @@ -272,7 +272,7 @@ let subtract_vectors (lhs rhs: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) dimension (fun lhs temp_1_ -> let lhs:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = lhs in @@ -306,7 +306,7 @@ let compute_w_approx (t1: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) rows_in_a (fun t1 temp_1_ -> let t1:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = t1 in @@ -320,7 +320,7 @@ let compute_w_approx Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () in let inner_result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) columns_in_a (fun inner_result temp_1_ -> let inner_result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = @@ -353,7 +353,7 @@ let compute_w_approx Rust_primitives.Hax.Monomorphized_update_at.update_at_usize t1 i (Libcrux_ml_dsa.Arithmetic.shift_left_then_reduce #v_SIMDUnit - 13l + (mk_i32 13) (t1.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst index 1f4e74abc..42decb1f9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) 
signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti index d8a0fad7d..1f550c044 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Avx2.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst index af30cc781..400aa002f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) 
signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti index 9a4380d2b..51cd2468f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Neon.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst index 13a796716..c0a8803a1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_44_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 
2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.verify_pre_hashed_shake128 
(Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti index 80d949c43..e0d78ea95 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.Portable.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-44 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-44 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst index a765340a9..e78a20acf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fst 
@@ -3,93 +3,101 @@ module Libcrux_ml_dsa.Ml_dsa_44_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 2560) = Rust_primitives.Hax.repeat 0uy (sz 2560) in - let verification_key:t_Array u8 (sz 1312) = Rust_primitives.Hax.repeat 0uy (sz 1312) in - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 2560) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2560) + in + let verification_key:t_Array u8 (mk_usize 1312) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1312) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 2560) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 2560) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1312) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1312) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref (sz + 
Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.sign (Libcrux_ml_dsa.Types.impl__as_ref (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context randomness let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref ( - sz 1312) + mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 2560) + (mk_usize 2560) signing_key <: - t_Array u8 (sz 2560)) + t_Array u8 (mk_usize 2560)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let 
pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1312) + (mk_usize 1312) verification_key <: - t_Array u8 (sz 1312)) + t_Array u8 (mk_usize 1312)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 2420) signature <: t_Array u8 (sz 2420)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 2420) signature <: t_Array u8 (mk_usize 2420)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti index 271b3e989..75cb477e1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_44_.fsti 
@@ -7,8 +7,8 @@ open FStar.Mul /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA44KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1312) (sz 2560)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1312) (mk_usize 2560)) Prims.l_True (fun _ -> Prims.l_True) @@ -19,11 +19,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// may also be empty. /// This function returns an [`MLDSA44Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-44 Signature @@ -33,9 +33,9 @@ val sign /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -48,11 +48,11 @@ val verify /// may also be empty. /// This function returns an [`MLDSA44Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 2560)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify a HashML-DSA-44 Signature, with a SHAKE128 pre-hashing @@ -62,9 +62,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1312)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1312)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst index 4ba7e0a11..0ed29d190 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fst 
@@ -3,62 +3,66 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & 
t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign_mut signing_key message 
@@ -66,65 +70,69 @@ let sign_mut randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = 
Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti index 00176aa30..7ff07767a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Avx2.fsti @@ -4,28 +4,30 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Key Pair val generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature 
@@ -33,12 +35,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -47,11 +50,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -59,9 +62,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -71,9 +74,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst index 655282ddc..5d7d3bddc 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fst 
@@ -3,62 +3,66 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & 
t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign_mut signing_key message 
@@ -66,65 +70,69 @@ let sign_mut randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = 
Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti index 43b275f98..4eac5c2c5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Neon.fsti @@ -4,28 +4,30 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Key Pair val generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature 
@@ -33,12 +35,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -47,11 +50,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -59,9 +62,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -71,9 +74,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst index 124549c25..0d87d3268 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fst 
@@ -3,62 +3,66 @@ module Libcrux_ml_dsa.Ml_dsa_65_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) 
& t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign_mut signing_key message 
@@ -66,65 +70,69 @@ let sign_mut randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = 
Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti index 2953eab1b..5a4edcb80 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.Portable.fsti @@ -4,28 +4,30 @@ open Core open FStar.Mul /// Generate an ML-DSA-65 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Key Pair val generate_key_pair_mut - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature /// The parameter `context` is used for domain separation /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-65 Signature 
@@ -33,12 +35,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -47,11 +50,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -59,9 +62,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -71,9 +74,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst index d4f6f883f..ae2d793bf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fst 
@@ -3,93 +3,101 @@ module Libcrux_ml_dsa.Ml_dsa_65_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4032) = Rust_primitives.Hax.repeat 0uy (sz 4032) in - let verification_key:t_Array u8 (sz 1952) = Rust_primitives.Hax.repeat 0uy (sz 1952) in - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4032) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4032) + in + let verification_key:t_Array u8 (mk_usize 1952) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1952) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4032) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4032) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 1952) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 1952) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref (sz + 
Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.sign (Libcrux_ml_dsa.Types.impl__as_ref (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context randomness let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref ( - sz 1952) + mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4032) + (mk_usize 4032) signing_key <: - t_Array u8 (sz 4032)) + t_Array u8 (mk_usize 4032)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let 
pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 1952) + (mk_usize 1952) verification_key <: - t_Array u8 (sz 1952)) + t_Array u8 (mk_usize 1952)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 3309) signature <: t_Array u8 (sz 3309)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 3309) signature <: t_Array u8 (mk_usize 3309)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti index b8a48b5dd..48f0c6f0e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_65_.fsti 
@@ -7,8 +7,8 @@ open FStar.Mul /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA65KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 1952) (sz 4032)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 1952) (mk_usize 4032)) Prims.l_True (fun _ -> Prims.l_True) @@ -19,11 +19,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// may also be empty. /// This function returns an [`MLDSA65Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-65 Signature @@ -33,9 +33,9 @@ val sign /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -48,11 +48,11 @@ val verify /// may also be empty. /// This function returns an [`MLDSA65Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4032)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify a HashML-DSA-65 Signature, with a SHAKE128 pre-hashing @@ -62,9 +62,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 1952)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 1952)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst index 2a1c3baa1..6409ba501 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Avx2 open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) 
signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti index 6225e3023..331035d39 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Avx2.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst index c6bec73a6..8eb415171 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Neon open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) 
signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 
2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti index 7ba0608c8..c34eed67d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Neon.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst index 6979118c4..88e447b73 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fst 
@@ -3,117 +3,125 @@ module Libcrux_ml_dsa.Ml_dsa_87_.Portable open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 
4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign_mut (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) 
Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.verify_pre_hashed_shake128 
(Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti index 00756769a..5347cfc48 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.Portable.fsti @@ -4,8 +4,8 @@ open Core open FStar.Mul /// Generate an ML-DSA-87 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True) @@ -14,11 +14,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Generate an ML-DSA-87 Signature 
@@ -26,12 +26,13 @@ val sign /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_mut - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -40,11 +41,11 @@ val sign_mut /// and is a byte string of length at most 255 bytes. It /// may also be empty. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature @@ -52,9 +53,9 @@ val sign_pre_hashed_shake128 /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -64,9 +65,9 @@ val verify /// and is a byte string of length at most 255 bytes. It /// may also be empty. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst index 561b3c090..41e437dc0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fst 
@@ -3,93 +3,101 @@ module Libcrux_ml_dsa.Ml_dsa_87_ open Core open FStar.Mul -let generate_key_pair (randomness: t_Array u8 (sz 32)) = - let signing_key:t_Array u8 (sz 4896) = Rust_primitives.Hax.repeat 0uy (sz 4896) in - let verification_key:t_Array u8 (sz 2592) = Rust_primitives.Hax.repeat 0uy (sz 2592) in - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = +let generate_key_pair (randomness: t_Array u8 (mk_usize 32)) = + let signing_key:t_Array u8 (mk_usize 4896) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 4896) + in + let verification_key:t_Array u8 (mk_usize 2592) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 2592) + in + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in { - Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (sz 4896) signing_key; + Libcrux_ml_dsa.Types.f_signing_key = Libcrux_ml_dsa.Types.impl__new (mk_usize 4896) signing_key; Libcrux_ml_dsa.Types.f_verification_key = - Libcrux_ml_dsa.Types.impl_2__new (sz 2592) verification_key + Libcrux_ml_dsa.Types.impl_2__new (mk_usize 2592) verification_key } <: - Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896) + Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896) let sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref (sz + 
Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.sign (Libcrux_ml_dsa.Types.impl__as_ref (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context randomness let verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.verify (Libcrux_ml_dsa.Types.impl_2__as_ref ( - sz 2592) + mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) let sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.sign_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl__as_ref - (sz 4896) + (mk_usize 4896) signing_key <: - t_Array u8 (sz 4896)) + t_Array u8 (mk_usize 4896)) message context pre_hash_buffer randomness in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let 
pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out let verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) = - let pre_hash_buffer:t_Array u8 (sz 256) = Rust_primitives.Hax.repeat 0uy (sz 256) in - let tmp0, out:(t_Array u8 (sz 256) & + let pre_hash_buffer:t_Array u8 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 256) + in + let tmp0, out:(t_Array u8 (mk_usize 256) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.verify_pre_hashed_shake128 (Libcrux_ml_dsa.Types.impl_2__as_ref - (sz 2592) + (mk_usize 2592) verification_key <: - t_Array u8 (sz 2592)) + t_Array u8 (mk_usize 2592)) message context pre_hash_buffer - (Libcrux_ml_dsa.Types.impl_4__as_ref (sz 4627) signature <: t_Array u8 (sz 4627)) + (Libcrux_ml_dsa.Types.impl_4__as_ref (mk_usize 4627) signature <: t_Array u8 (mk_usize 4627)) in - let pre_hash_buffer:t_Array u8 (sz 256) = tmp0 in + let pre_hash_buffer:t_Array u8 (mk_usize 256) = tmp0 in out
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti
index 259054199..a29514e3e 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_87_.fsti
@@ -7,8 +7,8 @@ open FStar.Mul /// Generate an ML-DSA key pair. The input is a byte array of size /// [`KEY_GENERATION_RANDOMNESS_SIZE`]. /// This function returns an [`MLDSA87KeyPair`]. -val generate_key_pair (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (sz 2592) (sz 4896)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_dsa.Types.t_MLDSAKeyPair (mk_usize 2592) (mk_usize 4896)) Prims.l_True (fun _ -> Prims.l_True)
@@ -19,11 +19,11 @@ val generate_key_pair (randomness: t_Array u8 (sz 32)) /// may also be empty. /// This function returns an [`MLDSA87Signature`]. val sign - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify an ML-DSA-87 Signature
@@ -33,9 +33,9 @@ val sign /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True)
@@ -48,11 +48,11 @@ val verify /// may also be empty. /// This function returns an [`MLDSA87Signature`]. val sign_pre_hashed_shake128 - (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (sz 4896)) + (signing_key: Libcrux_ml_dsa.Types.t_MLDSASigningKey (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify a HashML-DSA-87 Signature, with a SHAKE128 pre-hashing
@@ -62,9 +62,9 @@ val sign_pre_hashed_shake128 /// Returns `Ok` when the `signature` is valid for the `message` and /// `verification_key`, and a [`VerificationError`] otherwise. val verify_pre_hashed_shake128 - (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (sz 2592)) + (verification_key: Libcrux_ml_dsa.Types.t_MLDSAVerificationKey (mk_usize 2592)) (message context: t_Slice u8) - (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (signature: Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst
index d4addf2d9..cb9afcb00 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst
@@ -18,7 +18,7 @@ let _ = () let generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) =
@@ -37,7 +37,10 @@ let generate_key_pair___inner let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) = +let generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) + = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = generate_key_pair___inner randomness signing_key verification_key in
@@ -47,9 +50,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification signing_key, verification_key <: (t_Slice u8 & t_Slice u8) let sign___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
@@ -59,18 +62,18 @@ let sign___inner randomness let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = sign___inner signing_key message context randomness let sign_mut___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_mut #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler 
@@ -80,35 +83,35 @@ let sign_mut___inner #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut___inner signing_key message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = 
Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -119,41 +122,41 @@ let sign_pre_hashed_shake128___inner (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.verify 
#Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler
@@ -166,15 +169,15 @@ let verify___inner signature let verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = verify___inner verification_key message context signature let verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) =
@@ -194,9 +197,9 @@ let verify_pre_hashed_shake128___inner (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti
index 0a6cd9f8c..cfeaf068f 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti
@@ -19,91 +19,95 @@ let _ = /// Key Generation. val generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) +val generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val sign___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. 
val sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. 
val verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True
@@ -111,9 +115,9 @@ val verify_pre_hashed_shake128___inner /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst
index 384431e2f..79e93f4d6 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst
@@ -18,7 +18,7 @@ let _ = () let generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) =
@@ -37,7 +37,10 @@ let generate_key_pair___inner let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) = +let generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) + = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = generate_key_pair___inner randomness signing_key verification_key in
@@ -47,9 +50,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification signing_key, verification_key <: (t_Slice u8 & t_Slice u8) let sign___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4
@@ -59,18 +62,18 @@ let sign___inner randomness let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = sign___inner signing_key message context randomness let sign_mut___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_mut #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler
@@ -80,35 +83,35 @@ let sign_mut___inner #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut___inner signing_key message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = 
Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -119,41 +122,41 @@ let sign_pre_hashed_shake128___inner (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.verify 
#Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler
@@ -166,15 +169,15 @@ let verify___inner signature let verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = verify___inner verification_key message context signature let verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) =
@@ -194,9 +197,9 @@ let verify_pre_hashed_shake128___inner (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) =
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti
index 73beab56d..d9f007b05 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti
@@ -19,91 +19,95 @@ let _ = /// Key Generation. val generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) +val generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val sign___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. 
val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. 
val verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True @@ -111,9 +115,9 @@ val verify_pre_hashed_shake128___inner /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst index 85209dee4..87019dfe9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst @@ -18,7 +18,7 @@ let _ = () let generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = 
@@ -37,7 +37,10 @@ let generate_key_pair___inner let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) = +let generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) + = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = generate_key_pair___inner randomness signing_key verification_key in @@ -47,9 +50,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification signing_key, verification_key <: (t_Slice u8 & t_Slice u8) let sign___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake128x4 @@ -59,18 +62,18 @@ let sign___inner randomness let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = sign___inner signing_key message context randomness let sign_mut___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_mut #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler 
@@ -80,35 +83,35 @@ let sign_mut___inner #Libcrux_ml_dsa.Hash_functions.Simd256.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut___inner signing_key message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = 
Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -119,41 +122,41 @@ let sign_pre_hashed_shake128___inner (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.verify 
#Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 #Libcrux_ml_dsa.Samplex4.Avx2.t_AVX2Sampler @@ -166,15 +169,15 @@ let verify___inner signature let verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = verify___inner verification_key message context signature let verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = @@ -194,9 +197,9 @@ let verify_pre_hashed_shake128___inner (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti index a119375c4..330b40dca 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti 
@@ -19,91 +19,95 @@ let _ = /// Key Generation. val generate_key_pair___inner - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val generate_key_pair (randomness: t_Array u8 (sz 32)) (signing_key verification_key: t_Slice u8) +val generate_key_pair + (randomness: t_Array u8 (mk_usize 32)) + (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val sign___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. 
val sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128___inner - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. 
val verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128___inner - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True @@ -111,9 +115,9 @@ val verify_pre_hashed_shake128___inner /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst index da2a3cd8c..7c4e95a85 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fst 
@@ -18,11 +18,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) = - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -33,15 +33,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -65,19 +65,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -88,20 +88,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler @@ -114,9 +114,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti index 858d01f49..955f066b1 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.fsti 
@@ -19,55 +19,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) - : Prims.Pure (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) + : Prims.Pure (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst index 692bdeb30..c25e2ca82 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fst 
@@ -18,11 +18,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -33,15 +33,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -65,19 +65,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -88,20 +88,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler @@ -114,9 +114,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti index 3319e50fb..cf41b04d6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.fsti 
@@ -19,55 +19,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst index 736cfca36..59bd60eba 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fst 
@@ -18,11 +18,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) = - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -33,15 +33,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake128x4 @@ -65,19 +65,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Neon.t_Shake256x4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128 
@@ -88,20 +88,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Neon.t_NeonSampler @@ -114,9 +114,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti index 70e139689..66d9d64c7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.fsti 
@@ -19,55 +19,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) - : Prims.Pure (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) + : Prims.Pure (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst index 888e90ff3..65f4f15e7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fst 
@@ -17,11 +17,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) = - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 @@ -32,15 +32,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -66,19 +66,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -90,20 +90,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -116,9 +116,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti index 347cf611d..b2ce3823e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.fsti 
@@ -18,55 +18,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) - : Prims.Pure (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) + : Prims.Pure (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 2420)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst index 320ff0fd1..9cdb78f41 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fst 
@@ -17,11 +17,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 @@ -32,15 +32,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -66,19 +66,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -90,20 +90,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -116,9 +116,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti index a101743e2..34af5b033 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.fsti 
@@ -18,55 +18,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 3309)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst index 6c59d201b..1d0f9cde4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fst 
@@ -17,11 +17,11 @@ let _ = () let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) = - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.generate_key_pair #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake128X4 @@ -32,15 +32,15 @@ let generate_key_pair signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -51,12 +51,12 @@ let sign randomness let sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_mut #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -66,19 +66,19 @@ let sign_mut #Libcrux_ml_dsa.Hash_functions.Portable.t_Shake256X4 (signing_key <: t_Slice u8) message context randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.sign_pre_hashed #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler 
@@ -90,20 +90,20 @@ let sign_pre_hashed_shake128 (signing_key <: t_Slice u8) message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.verify #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients #Libcrux_ml_dsa.Samplex4.Portable.t_PortableSampler @@ -116,9 +116,9 @@ let verify signature let verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti index 61e6daa3b..42468a39b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.fsti 
@@ -18,55 +18,58 @@ let _ = /// Generate key pair. val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) - : Prims.Pure (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) + : Prims.Pure (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) + Prims.l_True + (fun _ -> Prims.l_True) /// Sign. val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign. val sign_mut - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Sign (pre-hashed). 
val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) /// Verify. val verify - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) /// Verify (pre-hashed with SHAKE-128). val verify_pre_hashed_shake128 - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature: t_Array u8 (sz 4627)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst index 11c2abad8..7d85c0b7d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst @@ -32,7 +32,7 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let _:Prims.unit = 
@@ -56,7 +56,9 @@ let generate_key_pair in () in - let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in + let seed_expanded:t_Array u8 (mk_usize 128) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 128) + in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in @@ -81,14 +83,14 @@ let generate_key_pair <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 128)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 128)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake seed_expanded in let shake:v_Shake256Xof = tmp0 in - let seed_expanded:t_Array u8 (sz 128) = tmp1 in + let seed_expanded:t_Array u8 (mk_usize 128) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = @@ -101,13 +103,15 @@ let generate_key_pair seed_expanded Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 16) + (mk_usize 16) in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) + = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit 
@@ -115,36 +119,36 @@ let generate_key_pair seed_for_a a_as_ntt in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit #v_Shake256X4 Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ETA seed_for_error_vectors s1_s2 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Core.Slice.impl__copy_from_slice #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_ntt (s1_s2.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A } <: 
@@ -152,21 +156,23 @@ let generate_key_pair <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (s1_ntt <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) <: usize) (fun s1_ntt temp_1_ -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = s1_ntt in let _:usize = temp_1_ in true) s1_ntt (fun s1_ntt i -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = s1_ntt in let i:usize = i in @@ -177,9 +183,9 @@ let generate_key_pair <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.compute_as1_plus_s2 #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A 
@@ -189,18 +195,23 @@ let generate_key_pair t0 in let _:Prims.unit = () in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit t0 t1 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = tmp0 in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = tmp1 in + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = + tmp0 + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = + tmp1 + in let _:Prims.unit = () in let verification_key:t_Slice u8 = Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized #v_SIMDUnit @@ -238,8 +249,8 @@ let sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = let seed_for_a, remaining_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 signing_key Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE 
@@ -264,48 +275,54 @@ let sign_internal remaining_serialized (v_ERROR_RING_ELEMENT_SIZE *! Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A <: usize) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ETA v_ERROR_RING_ELEMENT_SIZE s1_serialized s1_as_ntt in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ETA v_ERROR_RING_ELEMENT_SIZE s2_serialized 
s2_as_ntt in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit t0_serialized t0_as_ntt in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 16) + (mk_usize 16) in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 16) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 16) = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit @@ -313,15 +330,17 @@ let sign_internal seed_for_a matrix in - let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let message_representative:t_Array u8 (sz 64) = + let message_representative:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let message_representative:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Ml_dsa_generic.derive_message_representative #v_Shake256Xof verification_key_hash domain_separation_context message message_representative in - let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let mask_seed:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in 
@@ -343,84 +362,88 @@ let sign_internal shake (message_representative <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake mask_seed in let shake:v_Shake256Xof = tmp0 in - let mask_seed:t_Array u8 (sz 64) = tmp1 in + let mask_seed:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let (domain_separator_for_mask: u16):u16 = 0us in - let attempt:usize = sz 0 in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 32)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 32)) + let (domain_separator_for_mask: u16):u16 = mk_u16 0 in + let attempt:usize = mk_usize 0 in + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 32)) = + Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 32)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Core.Option.Option_None <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) = + Core.Option.Option_None + <: + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) in let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 32)) & + Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 
(sz 256)) (sz 4)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = Rust_primitives.f_while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 32)) & + Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = temp_0_ in attempt <. Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN <: bool) (attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)))) (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 32)) & + Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) = + (t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = temp_0_ in - let attempt:usize = attempt +! sz 1 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let attempt:usize = attempt +! mk_usize 1 in + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) = + (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in let tmp0, tmp1:(u16 & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Libcrux_ml_dsa.Sample.sample_mask_vector #v_SIMDUnit #v_Shake256 #v_Shake256X4 
@@ -431,27 +454,28 @@ let sign_internal mask in let domain_separator_for_mask:u16 = tmp0 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = tmp1 in let _:Prims.unit = () in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) #FStar.Tactics.Typeclasses.solve mask in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mask_ntt <: @@ -460,7 +484,7 @@ let sign_internal usize) (fun mask_ntt temp_1_ -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = mask_ntt in let _:usize = temp_1_ in 
@@ -468,7 +492,7 @@ let sign_internal mask_ntt (fun mask_ntt i -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = mask_ntt in let i:usize = i in @@ -481,10 +505,11 @@ let sign_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)) in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Libcrux_ml_dsa.Matrix.compute_matrix_x_mask #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A @@ -493,8 +518,8 @@ let sign_internal a_x_mask in let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + (mk_usize 4) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) = Libcrux_ml_dsa.Arithmetic.decompose_vector #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_GAMMA2 
@@ -502,20 +527,23 @@ let sign_internal w0 commitment in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = tmp0 in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) = + (mk_usize 4) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let commitment_hash_candidate:t_Array u8 (sz 32) = - Rust_primitives.Hax.repeat 0uy (sz 32) + let commitment_hash_candidate:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (commitment <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -538,14 +566,14 @@ let sign_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 32)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake commitment_hash_candidate in let shake:v_Shake256Xof = tmp0 in - let commitment_hash_candidate:t_Array u8 (sz 32) = tmp1 in + let commitment_hash_candidate:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let verifier_challenge:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = 
@@ -562,32 +590,33 @@ let sign_internal Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit verifier_challenge in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) #FStar.Tactics.Typeclasses.solve s1_as_ntt in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) #FStar.Tactics.Typeclasses.solve s2_as_ntt in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s1 verifier_challenge in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s2 verifier_challenge in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4) = Libcrux_ml_dsa.Matrix.add_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A mask 
@@ -595,7 +624,8 @@ let sign_internal <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) + = Libcrux_ml_dsa.Matrix.subtract_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A w0 
@@ -606,16 +636,16 @@ let sign_internal if Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit (mask <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((1l <. Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_MAX_ONES_IN_HINT then attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4))) else let attempt:usize = Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 32)) = + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 32)) = Core.Option.Option_Some commitment_hash_candidate <: - Core.Option.t_Option (t_Array u8 (sz 32)) + Core.Option.t_Option (t_Array u8 (mk_usize 32)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)) = Core.Option.Option_Some mask <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) = + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) + = Core.Option.Option_Some hint_candidate <: - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) in attempt, commitment_hash, 
domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 32)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4))) - ) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 4)))) in - match commitment_hash <: Core.Option.t_Option (t_Array u8 (sz 32)) with + match commitment_hash <: Core.Option.t_Option (t_Array u8 (mk_usize 32)) with | Core.Option.Option_Some commitment_hash -> - let commitment_hash:t_Array u8 (sz 32) = commitment_hash in + let commitment_hash:t_Array u8 (mk_usize 32) = commitment_hash in (match signer_response <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) with | Core.Option.Option_Some signer_response -> let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) = + (mk_usize 4) = signer_response in - (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 4)) with + (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) with | Core.Option.Option_Some hint -> - let hint:t_Array (t_Array i32 (sz 256)) (sz 4) = hint in - let signature:t_Array u8 (sz 2420) = + let hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) = hint in + let signature:t_Array u8 (mk_usize 2420) = Libcrux_ml_dsa.Encoding.Signature.serialize #v_SIMDUnit (commitment_hash <: t_Slice u8) (signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint <: t_Slice (t_Array i32 (sz 256))) + (hint <: t_Slice (t_Array i32 (mk_usize 256))) 
Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COMMITMENT_HASH_SIZE Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A @@ -755,7 +791,7 @@ let sign_internal in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Option.Option_None -> signature, @@ -766,7 +802,7 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & + (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, @@ -777,8 +813,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) - ) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, (Core.Result.Result_Err @@ -788,7 +824,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let verify_internal (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) 
@@ -805,45 +842,49 @@ let verify_internal (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = let seed_for_a, t1_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (verification_key <: t_Slice u8) Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A v_VERIFICATION_KEY_SIZE t1_serialized t1 in - let deserialized_commitment_hash:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let deserialized_commitment_hash:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 4) + (mk_usize 4) in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 4) = - 
Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) - (sz 4) + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) + <: + t_Array i32 (mk_usize 256)) + (mk_usize 4) in - let tmp0, tmp1, tmp2, out:(t_Array u8 (sz 32) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) & - t_Array (t_Array i32 (sz 256)) (sz 4) & + let tmp0, tmp1, tmp2, out:(t_Array u8 (mk_usize 32) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) & + t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Encoding.Signature.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A @@ -854,12 +895,12 @@ let verify_internal (signature_serialized <: t_Slice u8) deserialized_commitment_hash deserialized_signer_response deserialized_hint in - let deserialized_commitment_hash:t_Array u8 (sz 32) = tmp0 in + let deserialized_commitment_hash:t_Array u8 (mk_usize 32) = tmp0 in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = tmp1 in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 4) = tmp2 in + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4) = tmp2 in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError with | Core.Result.Result_Ok _ -> let _:Prims.unit = () <: Prims.unit in 
@@ -868,7 +909,9 @@ let verify_internal (deserialized_signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((2l < let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = deserialized_signer_response in let _:usize = temp_1_ in @@ -939,7 +988,7 @@ let verify_internal deserialized_signer_response (fun deserialized_signer_response i -> let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = deserialized_signer_response in let i:usize = i in @@ -952,9 +1001,9 @@ let verify_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4)) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_COLUMNS_IN_A 
@@ -965,15 +1014,19 @@ let verify_internal verifier_challenge t1 in - let recomputed_commitment_hash:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 4) = + let recomputed_commitment_hash:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_GAMMA2 - (deserialized_hint <: t_Slice (t_Array i32 (sz 256))) + (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (t1 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -996,14 +1049,14 @@ let verify_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 32)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 32)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake recomputed_commitment_hash in let shake:v_Shake256Xof = tmp0 in - let recomputed_commitment_hash:t_Array u8 (sz 32) = tmp1 in + let recomputed_commitment_hash:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in if deserialized_commitment_hash =. recomputed_commitment_hash 
@@ -1047,8 +1100,8 @@ let sign_pre_hashed_mut Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then @@ -1059,7 +1112,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) else let pre_hash_buffer:t_Slice u8 = @@ -1074,16 +1127,16 @@ let sign_pre_hashed_mut (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key pre_hash_buffer 
@@ -1092,13 +1145,13 @@ let sign_pre_hashed_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, signature, hax_temp_output <: - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> pre_hash_buffer, @@ -1110,7 +1163,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed 
@@ -1137,41 +1190,41 @@ let sign_pre_hashed Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 2420) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 2420) () in - let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (sz 2420) & + let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_mut #v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH signing_key message context pre_hash_buffer randomness signature.Libcrux_ml_dsa.Types.f_value in let pre_hash_buffer:t_Slice u8 = tmp0 in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = { signature with Libcrux_ml_dsa.Types.f_value = tmp1 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError = match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result 
(Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let sign_mut @@ -1193,19 +1246,19 @@ let sign_mut i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message 
@@ -1214,11 +1267,12 @@ let sign_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 2420) = tmp0 in + let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> signature, (Core.Result.Result_Err @@ -1226,7 +1280,8 @@ let sign_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -1247,31 +1302,31 @@ let sign i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 2420) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 2420) () in - let tmp0, out:(t_Array u8 (sz 2420) & + let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message context randomness signature.Libcrux_ml_dsa.Types.f_value in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) = { signature with Libcrux_ml_dsa.Types.f_value = tmp0 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420) in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError let verify 
@@ -1289,13 +1344,13 @@ let verify (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError @@ -1340,9 +1395,9 @@ let verify_pre_hashed i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = let pre_hash_buffer:t_Slice u8 = Libcrux_ml_dsa.Pre_hash.f_hash #v_PH @@ -1356,9 +1411,9 @@ let verify_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti index 716255d52..7a1e61576 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fsti @@ -62,7 +62,7 @@ val generate_key_pair {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -77,10 +77,11 @@ val sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -94,11 +95,11 @@ val verify_internal {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key: t_Array u8 (sz 1312)) + (verification_key: t_Array u8 (mk_usize 1312)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -115,10 +116,10 @@ val sign_pre_hashed_mut {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Slice u8 & t_Array u8 (sz 2420) & + (t_Slice u8 & t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -135,10 +136,10 @@ val sign_pre_hashed {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut @@ -150,10 +151,11 @@ val sign_mut {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 2420)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 2420)) : Prims.Pure - (t_Array u8 (sz 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 2420) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -166,9 +168,9 @@ val sign {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify @@ -178,9 +180,9 @@ val verify {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -194,9 +196,9 @@ val verify_pre_hashed {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst index bb138ae8b..e6ac00e9f 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst @@ -32,7 +32,7 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let _:Prims.unit = @@ -56,7 +56,9 @@ let generate_key_pair in () in - let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in + let seed_expanded:t_Array u8 (mk_usize 128) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 128) + in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in @@ -81,14 +83,14 @@ let generate_key_pair <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 128)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 128)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake seed_expanded in let shake:v_Shake256Xof = tmp0 in - let seed_expanded:t_Array u8 (sz 128) = tmp1 in + let seed_expanded:t_Array u8 (mk_usize 128) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = 
@@ -101,13 +103,15 @@ let generate_key_pair seed_expanded Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 30) + (mk_usize 30) in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) + = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit 
@@ -115,36 +119,36 @@ let generate_key_pair seed_for_a a_as_ntt in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 11) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 11) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 11) + (mk_usize 11) in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 11) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 11) = Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit #v_Shake256X4 Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ETA seed_for_error_vectors s1_s2 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Core.Slice.impl__copy_from_slice #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_ntt (s1_s2.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A } <: 
@@ -152,21 +156,23 @@ let generate_key_pair <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (s1_ntt <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) <: usize) (fun s1_ntt temp_1_ -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = s1_ntt in let _:usize = temp_1_ in true) s1_ntt (fun s1_ntt i -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = s1_ntt in let i:usize = i in @@ -177,9 +183,9 @@ let generate_key_pair <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Matrix.compute_as1_plus_s2 #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A 
@@ -189,18 +195,23 @@ let generate_key_pair t0 in let _:Prims.unit = () in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6)) = + let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 6) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6)) = Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit t0 t1 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = tmp0 in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = tmp1 in + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = + tmp0 + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = + tmp1 + in let _:Prims.unit = () in let verification_key:t_Slice u8 = Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized #v_SIMDUnit @@ -238,8 +249,8 @@ let sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = let seed_for_a, remaining_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 signing_key Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE 
@@ -264,48 +275,54 @@ let sign_internal remaining_serialized (v_ERROR_RING_ELEMENT_SIZE *! Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A <: usize) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ETA v_ERROR_RING_ELEMENT_SIZE s1_serialized s1_as_ntt in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ETA v_ERROR_RING_ELEMENT_SIZE s2_serialized 
s2_as_ntt in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit t0_serialized t0_as_ntt in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 30) + (mk_usize 30) in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 30) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 30) = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit @@ -313,15 +330,17 @@ let sign_internal seed_for_a matrix in - let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let message_representative:t_Array u8 (sz 64) = + let message_representative:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let message_representative:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Ml_dsa_generic.derive_message_representative #v_Shake256Xof verification_key_hash domain_separation_context message message_representative in - let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let mask_seed:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in 
@@ -343,84 +362,88 @@ let sign_internal shake (message_representative <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake mask_seed in let shake:v_Shake256Xof = tmp0 in - let mask_seed:t_Array u8 (sz 64) = tmp1 in + let mask_seed:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let (domain_separator_for_mask: u16):u16 = 0us in - let attempt:usize = sz 0 in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 48)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 48)) + let (domain_separator_for_mask: u16):u16 = mk_u16 0 in + let attempt:usize = mk_usize 0 in + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 48)) = + Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 48)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) = Core.Option.Option_None <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) = + Core.Option.Option_None + <: + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) in let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 48)) & + Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 
(sz 256)) (sz 6)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = Rust_primitives.f_while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 48)) & + Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = temp_0_ in attempt <. Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN <: bool) (attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)))) (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 48)) & + Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) = + (t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = temp_0_ in - let attempt:usize = attempt +! sz 1 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let attempt:usize = attempt +! mk_usize 1 in + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) = + (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in let tmp0, tmp1:(u16 & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) = + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) = Libcrux_ml_dsa.Sample.sample_mask_vector #v_SIMDUnit #v_Shake256 #v_Shake256X4 
@@ -431,27 +454,28 @@ let sign_internal mask in let domain_separator_for_mask:u16 = tmp0 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = tmp1 in let _:Prims.unit = () in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) - = + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) #FStar.Tactics.Typeclasses.solve mask in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) - = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mask_ntt <: @@ -460,7 +484,7 @@ let sign_internal usize) (fun mask_ntt temp_1_ -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = mask_ntt in let _:usize = temp_1_ in 
@@ -468,7 +492,7 @@ let sign_internal mask_ntt (fun mask_ntt i -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = mask_ntt in let i:usize = i in @@ -481,10 +505,11 @@ let sign_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)) in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 6) = Libcrux_ml_dsa.Matrix.compute_matrix_x_mask #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A @@ -493,8 +518,8 @@ let sign_internal a_x_mask in let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6)) = + (mk_usize 6) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6)) = Libcrux_ml_dsa.Arithmetic.decompose_vector #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_GAMMA2 
@@ -502,20 +527,23 @@ let sign_internal w0 commitment in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = tmp0 in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) = + (mk_usize 6) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let commitment_hash_candidate:t_Array u8 (sz 48) = - Rust_primitives.Hax.repeat 0uy (sz 48) + let commitment_hash_candidate:t_Array u8 (mk_usize 48) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (commitment <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -538,14 +566,14 @@ let sign_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 48)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 48)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake commitment_hash_candidate in let shake:v_Shake256Xof = tmp0 in - let commitment_hash_candidate:t_Array u8 (sz 48) = tmp1 in + let commitment_hash_candidate:t_Array u8 (mk_usize 48) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let verifier_challenge:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = 
@@ -562,32 +590,33 @@ let sign_internal Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit verifier_challenge in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) #FStar.Tactics.Typeclasses.solve s1_as_ntt in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6)) #FStar.Tactics.Typeclasses.solve s2_as_ntt in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s1 verifier_challenge in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s2 verifier_challenge in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5) = Libcrux_ml_dsa.Matrix.add_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A mask 
@@ -595,7 +624,8 @@ let sign_internal <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) + = Libcrux_ml_dsa.Matrix.subtract_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A w0 
@@ -606,16 +636,16 @@ let sign_internal if Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit (mask <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((1l <. Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_MAX_ONES_IN_HINT then attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5))) else let attempt:usize = Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 48)) = + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 48)) = Core.Option.Option_Some commitment_hash_candidate <: - Core.Option.t_Option (t_Array u8 (sz 48)) + Core.Option.t_Option (t_Array u8 (mk_usize 48)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)) = Core.Option.Option_Some mask <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) = + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) + = Core.Option.Option_Some hint_candidate <: - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) in attempt, commitment_hash, 
domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 48)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5))) - ) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 5)))) in - match commitment_hash <: Core.Option.t_Option (t_Array u8 (sz 48)) with + match commitment_hash <: Core.Option.t_Option (t_Array u8 (mk_usize 48)) with | Core.Option.Option_Some commitment_hash -> - let commitment_hash:t_Array u8 (sz 48) = commitment_hash in + let commitment_hash:t_Array u8 (mk_usize 48) = commitment_hash in (match signer_response <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) with | Core.Option.Option_Some signer_response -> let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) = + (mk_usize 5) = signer_response in - (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 6)) with + (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) with | Core.Option.Option_Some hint -> - let hint:t_Array (t_Array i32 (sz 256)) (sz 6) = hint in - let signature:t_Array u8 (sz 3309) = + let hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) = hint in + let signature:t_Array u8 (mk_usize 3309) = Libcrux_ml_dsa.Encoding.Signature.serialize #v_SIMDUnit (commitment_hash <: t_Slice u8) (signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint <: t_Slice (t_Array i32 (sz 256))) + (hint <: t_Slice (t_Array i32 (mk_usize 256))) 
Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COMMITMENT_HASH_SIZE Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A @@ -755,7 +791,7 @@ let sign_internal in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Option.Option_None -> signature, @@ -766,7 +802,7 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & + (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, @@ -777,8 +813,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) - ) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, (Core.Result.Result_Err @@ -788,7 +824,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let verify_internal (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) 
@@ -805,45 +842,49 @@ let verify_internal (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = let seed_for_a, t1_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (verification_key <: t_Slice u8) Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 6) + (mk_usize 6) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A v_VERIFICATION_KEY_SIZE t1_serialized t1 in - let deserialized_commitment_hash:t_Array u8 (sz 48) = Rust_primitives.Hax.repeat 0uy (sz 48) in + let deserialized_commitment_hash:t_Array u8 (mk_usize 48) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) + in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 5) + (mk_usize 5) in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 6) = - 
Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) - (sz 6) + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) + <: + t_Array i32 (mk_usize 256)) + (mk_usize 6) in - let tmp0, tmp1, tmp2, out:(t_Array u8 (sz 48) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) & - t_Array (t_Array i32 (sz 256)) (sz 6) & + let tmp0, tmp1, tmp2, out:(t_Array u8 (mk_usize 48) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) & + t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Encoding.Signature.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A @@ -854,12 +895,12 @@ let verify_internal (signature_serialized <: t_Slice u8) deserialized_commitment_hash deserialized_signer_response deserialized_hint in - let deserialized_commitment_hash:t_Array u8 (sz 48) = tmp0 in + let deserialized_commitment_hash:t_Array u8 (mk_usize 48) = tmp0 in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = tmp1 in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 6) = tmp2 in + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6) = tmp2 in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError with | Core.Result.Result_Ok _ -> let _:Prims.unit = () <: Prims.unit in 
@@ -868,7 +909,9 @@ let verify_internal (deserialized_signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((2l < let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = deserialized_signer_response in let _:usize = temp_1_ in @@ -939,7 +988,7 @@ let verify_internal deserialized_signer_response (fun deserialized_signer_response i -> let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5) = deserialized_signer_response in let i:usize = i in @@ -952,9 +1001,9 @@ let verify_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 5)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5)) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_COLUMNS_IN_A 
@@ -965,15 +1014,19 @@ let verify_internal verifier_challenge t1 in - let recomputed_commitment_hash:t_Array u8 (sz 48) = Rust_primitives.Hax.repeat 0uy (sz 48) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 6) = + let recomputed_commitment_hash:t_Array u8 (mk_usize 48) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_GAMMA2 - (deserialized_hint <: t_Slice (t_Array i32 (sz 256))) + (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 in - let commitment_serialized:t_Array u8 (sz 768) = Rust_primitives.Hax.repeat 0uy (sz 768) in - let commitment_serialized:t_Array u8 (sz 768) = + let commitment_serialized:t_Array u8 (mk_usize 768) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 768) + in + let commitment_serialized:t_Array u8 (mk_usize 768) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (t1 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -996,14 +1049,14 @@ let verify_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 48)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 48)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake recomputed_commitment_hash in let shake:v_Shake256Xof = tmp0 in - let recomputed_commitment_hash:t_Array u8 (sz 48) = tmp1 in + let recomputed_commitment_hash:t_Array u8 (mk_usize 48) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in if deserialized_commitment_hash =. recomputed_commitment_hash 
@@ -1047,8 +1100,8 @@ let sign_pre_hashed_mut Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then @@ -1059,7 +1112,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) else let pre_hash_buffer:t_Slice u8 = @@ -1074,16 +1127,16 @@ let sign_pre_hashed_mut (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key pre_hash_buffer 
@@ -1092,13 +1145,13 @@ let sign_pre_hashed_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, signature, hax_temp_output <: - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> pre_hash_buffer, @@ -1110,7 +1163,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed 
@@ -1137,41 +1190,41 @@ let sign_pre_hashed Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 3309) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 3309) () in - let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (sz 3309) & + let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_mut #v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH signing_key message context pre_hash_buffer randomness signature.Libcrux_ml_dsa.Types.f_value in let pre_hash_buffer:t_Slice u8 = tmp0 in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = { signature with Libcrux_ml_dsa.Types.f_value = tmp1 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError = match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result 
(Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let sign_mut @@ -1193,19 +1246,19 @@ let sign_mut i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message 
@@ -1214,11 +1267,12 @@ let sign_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 3309) = tmp0 in + let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> signature, (Core.Result.Result_Err @@ -1226,7 +1280,8 @@ let sign_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -1247,31 +1302,31 @@ let sign i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 3309) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 3309) () in - let tmp0, out:(t_Array u8 (sz 3309) & + let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message context randomness signature.Libcrux_ml_dsa.Types.f_value in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) = { signature with Libcrux_ml_dsa.Types.f_value = tmp0 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309) in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError let verify 
@@ -1289,13 +1344,13 @@ let verify (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError @@ -1340,9 +1395,9 @@ let verify_pre_hashed i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = let pre_hash_buffer:t_Slice u8 = Libcrux_ml_dsa.Pre_hash.f_hash #v_PH @@ -1356,9 +1411,9 @@ let verify_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti index b4528e575..f31704600 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fsti @@ -62,7 +62,7 @@ val generate_key_pair {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -77,10 +77,11 @@ val sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -94,11 +95,11 @@ val verify_internal {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key: t_Array u8 (sz 1952)) + (verification_key: t_Array u8 (mk_usize 1952)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -115,10 +116,10 @@ val sign_pre_hashed_mut {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Slice u8 & t_Array u8 (sz 3309) & + (t_Slice u8 & t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -135,10 +136,10 @@ val sign_pre_hashed {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut @@ -150,10 +151,11 @@ val sign_mut {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 3309)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 3309)) : Prims.Pure - (t_Array u8 (sz 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 3309) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -166,9 +168,9 @@ val sign {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify @@ -178,9 +180,9 @@ val verify {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -194,9 +196,9 @@ val verify_pre_hashed {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst index 2a402b17d..e1d512805 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst @@ -32,7 +32,7 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = let _:Prims.unit = @@ -56,7 +56,9 @@ let generate_key_pair in () in - let seed_expanded:t_Array u8 (sz 128) = Rust_primitives.Hax.repeat 0uy (sz 128) in + let seed_expanded:t_Array u8 (mk_usize 128) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 128) + in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in @@ -81,14 +83,14 @@ let generate_key_pair <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 128)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 128)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake seed_expanded in let shake:v_Shake256Xof = tmp0 in - let seed_expanded:t_Array u8 (sz 128) = tmp1 in + let seed_expanded:t_Array u8 (mk_usize 128) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let seed_for_a, seed_expanded:(t_Slice u8 & t_Slice u8) = 
@@ -101,13 +103,15 @@ let generate_key_pair seed_expanded Libcrux_ml_dsa.Constants.v_SEED_FOR_ERROR_VECTORS_SIZE in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 56) + (mk_usize 56) in - let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let a_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) + = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit 
@@ -115,36 +119,36 @@ let generate_key_pair seed_for_a a_as_ntt in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 15) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 15) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 15) + (mk_usize 15) in - let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 15) = + let s1_s2:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 15) = Libcrux_ml_dsa.Samplex4.sample_s1_and_s2 #v_SIMDUnit #v_Shake256X4 Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ETA seed_for_error_vectors s1_s2 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Core.Slice.impl__copy_from_slice #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_ntt (s1_s2.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A } <: 
@@ -152,21 +156,23 @@ let generate_key_pair <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (s1_ntt <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) <: usize) (fun s1_ntt temp_1_ -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = s1_ntt in let _:usize = temp_1_ in true) s1_ntt (fun s1_ntt i -> - let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = s1_ntt in let i:usize = i in @@ -177,9 +183,9 @@ let generate_key_pair <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Matrix.compute_as1_plus_s2 #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A 
@@ -189,18 +195,23 @@ let generate_key_pair t0 in let _:Prims.unit = () in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8)) = + let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 8) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8)) = Libcrux_ml_dsa.Arithmetic.power2round_vector #v_SIMDUnit t0 t1 in - let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = tmp0 in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = tmp1 in + let t0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = + tmp0 + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = + tmp1 + in let _:Prims.unit = () in let verification_key:t_Slice u8 = Libcrux_ml_dsa.Encoding.Verification_key.generate_serialized #v_SIMDUnit @@ -238,8 +249,8 @@ let sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = let seed_for_a, remaining_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 signing_key Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE 
@@ -264,48 +275,54 @@ let sign_internal remaining_serialized (v_ERROR_RING_ELEMENT_SIZE *! Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A <: usize) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let s1_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ETA v_ERROR_RING_ELEMENT_SIZE s1_serialized s1_as_ntt in - let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let s2_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Libcrux_ml_dsa.Encoding.Error.deserialize_to_vector_then_ntt #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ETA v_ERROR_RING_ELEMENT_SIZE s2_serialized 
s2_as_ntt in - let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t0_as_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Libcrux_ml_dsa.Encoding.T0.deserialize_to_vector_then_ntt #v_SIMDUnit t0_serialized t0_as_ntt in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 56) + (mk_usize 56) in - let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 56) = + let matrix:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 56) = Libcrux_ml_dsa.Samplex4.f_matrix_flat #v_Sampler #FStar.Tactics.Typeclasses.solve #v_SIMDUnit @@ -313,15 +330,17 @@ let sign_internal seed_for_a matrix in - let message_representative:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let message_representative:t_Array u8 (sz 64) = + let message_representative:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let message_representative:t_Array u8 (mk_usize 64) = Libcrux_ml_dsa.Ml_dsa_generic.derive_message_representative #v_Shake256Xof verification_key_hash domain_separation_context message message_representative in - let mask_seed:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let mask_seed:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let shake:v_Shake256Xof = Libcrux_ml_dsa.Hash_functions.Shake256.f_init #v_Shake256Xof #FStar.Tactics.Typeclasses.solve () in 
@@ -343,84 +362,88 @@ let sign_internal shake (message_representative <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake mask_seed in let shake:v_Shake256Xof = tmp0 in - let mask_seed:t_Array u8 (sz 64) = tmp1 in + let mask_seed:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let (domain_separator_for_mask: u16):u16 = 0us in - let attempt:usize = sz 0 in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 64)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 64)) + let (domain_separator_for_mask: u16):u16 = mk_u16 0 in + let attempt:usize = mk_usize 0 in + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 64)) = + Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 64)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) = Core.Option.Option_None <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) = - Core.Option.Option_None <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) = + Core.Option.Option_None + <: + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) in let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 64)) & + Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 
(sz 256)) (sz 8)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = Rust_primitives.f_while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 64)) & + Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = temp_0_ in attempt <. Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN <: bool) (attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)))) (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & - Core.Option.t_Option (t_Array u8 (sz 64)) & + Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) = + (t_Array 
(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = temp_0_ in - let attempt:usize = attempt +! sz 1 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let attempt:usize = attempt +! mk_usize 1 in + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) = + (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in let tmp0, tmp1:(u16 & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) = + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) = Libcrux_ml_dsa.Sample.sample_mask_vector #v_SIMDUnit #v_Shake256 #v_Shake256X4 
@@ -431,27 +454,28 @@ let sign_internal mask in let domain_separator_for_mask:u16 = tmp0 in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = tmp1 in let _:Prims.unit = () in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) - = + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) #FStar.Tactics.Typeclasses.solve mask in - let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) - = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let mask_ntt:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mask_ntt <: @@ -460,7 +484,7 @@ let sign_internal usize) (fun mask_ntt temp_1_ -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = mask_ntt in let _:usize = temp_1_ in 
@@ -468,7 +492,7 @@ let sign_internal mask_ntt (fun mask_ntt i -> let mask_ntt:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = mask_ntt in let i:usize = i in @@ -481,10 +505,11 @@ let sign_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)) in - let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) - = + let a_x_mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 8) = Libcrux_ml_dsa.Matrix.compute_matrix_x_mask #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A @@ -493,8 +518,8 @@ let sign_internal a_x_mask in let tmp0, tmp1:(t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8)) = + (mk_usize 8) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8)) = Libcrux_ml_dsa.Arithmetic.decompose_vector #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_GAMMA2 
@@ -502,22 +527,23 @@ let sign_internal w0 commitment in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = tmp0 in let commitment:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) = + (mk_usize 8) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in - let commitment_hash_candidate:t_Array u8 (sz 64) = - Rust_primitives.Hax.repeat 0uy (sz 64) + let commitment_hash_candidate:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let commitment_serialized:t_Array u8 (sz 1024) = - Rust_primitives.Hax.repeat 0uy (sz 1024) + let commitment_serialized:t_Array u8 (mk_usize 1024) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1024) in - let commitment_serialized:t_Array u8 (sz 1024) = + let commitment_serialized:t_Array u8 (mk_usize 1024) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (commitment <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -540,14 +566,14 @@ let sign_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake commitment_hash_candidate in let shake:v_Shake256Xof = tmp0 in - let commitment_hash_candidate:t_Array u8 (sz 64) = tmp1 in + let commitment_hash_candidate:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in let verifier_challenge:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = 
@@ -564,32 +590,33 @@ let sign_internal Libcrux_ml_dsa.Ntt.ntt #v_SIMDUnit verifier_challenge in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) #FStar.Tactics.Typeclasses.solve s1_as_ntt in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Core.Clone.f_clone #(t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8)) + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8)) #FStar.Tactics.Typeclasses.solve s2_as_ntt in let challenge_times_s1:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s1 verifier_challenge in let challenge_times_s2:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Matrix.vector_times_ring_element #v_SIMDUnit challenge_times_s2 verifier_challenge in - let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + let mask:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7) = Libcrux_ml_dsa.Matrix.add_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A mask 
@@ -597,7 +624,8 @@ let sign_internal <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let w0:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) + = Libcrux_ml_dsa.Matrix.subtract_vectors #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A w0 
@@ -608,16 +636,16 @@ let sign_internal if Libcrux_ml_dsa.Arithmetic.vector_infinity_norm_exceeds #v_SIMDUnit (mask <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((1l <. Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_MAX_ONES_IN_HINT then attempt, commitment_hash, domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7))) else let attempt:usize = Libcrux_ml_dsa.Constants.v_REJECTION_SAMPLE_BOUND_SIGN in - let commitment_hash:Core.Option.t_Option (t_Array u8 (sz 64)) = + let commitment_hash:Core.Option.t_Option (t_Array u8 (mk_usize 64)) = Core.Option.Option_Some commitment_hash_candidate <: - Core.Option.t_Option (t_Array u8 (sz 64)) + Core.Option.t_Option (t_Array u8 (mk_usize 64)) in let signer_response:Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) = + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)) = Core.Option.Option_Some mask <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)) in - let hint:Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) = + let hint:Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) + = Core.Option.Option_Some hint_candidate <: - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) in attempt, commitment_hash, 
domain_separator_for_mask, hint, signer_response <: - (usize & Core.Option.t_Option (t_Array u8 (sz 64)) & u16 & - Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) & + (usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & + Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7))) - ) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mk_usize 7)))) in - match commitment_hash <: Core.Option.t_Option (t_Array u8 (sz 64)) with + match commitment_hash <: Core.Option.t_Option (t_Array u8 (mk_usize 64)) with | Core.Option.Option_Some commitment_hash -> - let commitment_hash:t_Array u8 (sz 64) = commitment_hash in + let commitment_hash:t_Array u8 (mk_usize 64) = commitment_hash in (match signer_response <: Core.Option.t_Option - (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) with | Core.Option.Option_Some signer_response -> let signer_response:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) = + (mk_usize 7) = signer_response in - (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (sz 256)) (sz 8)) with + (match hint <: Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) with | Core.Option.Option_Some hint -> - let hint:t_Array (t_Array i32 (sz 256)) (sz 8) = hint in - let signature:t_Array u8 (sz 4627) = + let hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) = hint in + let signature:t_Array u8 (mk_usize 4627) = Libcrux_ml_dsa.Encoding.Signature.serialize #v_SIMDUnit (commitment_hash <: t_Slice u8) (signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (hint <: t_Slice (t_Array i32 (sz 256))) + (hint <: t_Slice (t_Array i32 (mk_usize 256))) 
Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COMMITMENT_HASH_SIZE Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A @@ -757,7 +791,7 @@ let sign_internal in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Option.Option_None -> signature, @@ -768,7 +802,7 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & + (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, @@ -779,8 +813,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) - ) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)) | Core.Option.Option_None -> signature, (Core.Result.Result_Err @@ -790,7 +824,8 @@ let sign_internal <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let verify_internal (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof: Type0) 
@@ -807,45 +842,49 @@ let verify_internal (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = let seed_for_a, t1_serialized:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (verification_key <: t_Slice u8) Libcrux_ml_dsa.Constants.v_SEED_FOR_A_SIZE in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 8) + (mk_usize 8) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Encoding.Verification_key.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A v_VERIFICATION_KEY_SIZE t1_serialized t1 in - let deserialized_commitment_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let deserialized_commitment_hash:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = Rust_primitives.Hax.repeat (Libcrux_ml_dsa.Polynomial.impl__zero #v_SIMDUnit () <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) - (sz 7) + (mk_usize 7) in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 8) = - 
Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 256) <: t_Array i32 (sz 256)) - (sz 8) + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) + <: + t_Array i32 (mk_usize 256)) + (mk_usize 8) in - let tmp0, tmp1, tmp2, out:(t_Array u8 (sz 64) & - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) & - t_Array (t_Array i32 (sz 256)) (sz 8) & + let tmp0, tmp1, tmp2, out:(t_Array u8 (mk_usize 64) & + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) & + t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = Libcrux_ml_dsa.Encoding.Signature.deserialize #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A @@ -856,12 +895,12 @@ let verify_internal (signature_serialized <: t_Slice u8) deserialized_commitment_hash deserialized_signer_response deserialized_hint in - let deserialized_commitment_hash:t_Array u8 (sz 64) = tmp0 in + let deserialized_commitment_hash:t_Array u8 (mk_usize 64) = tmp0 in let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = tmp1 in - let deserialized_hint:t_Array (t_Array i32 (sz 256)) (sz 8) = tmp2 in + let deserialized_hint:t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8) = tmp2 in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError with | Core.Result.Result_Ok _ -> let _:Prims.unit = () <: Prims.unit in 
@@ -870,7 +909,9 @@ let verify_internal (deserialized_signer_response <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - ((2l < let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = deserialized_signer_response in let _:usize = temp_1_ in @@ -941,7 +988,7 @@ let verify_internal deserialized_signer_response (fun deserialized_signer_response i -> let deserialized_signer_response:t_Array - (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7) = + (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7) = deserialized_signer_response in let i:usize = i in @@ -954,9 +1001,9 @@ let verify_internal <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: - t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 7)) + t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7)) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Matrix.compute_w_approx #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_ROWS_IN_A Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_COLUMNS_IN_A 
@@ -967,15 +1014,19 @@ let verify_internal verifier_challenge t1 in - let recomputed_commitment_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (sz 8) = + let recomputed_commitment_hash:t_Array u8 (mk_usize 64) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) + in + let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_GAMMA2 - (deserialized_hint <: t_Slice (t_Array i32 (sz 256))) + (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 in - let commitment_serialized:t_Array u8 (sz 1024) = Rust_primitives.Hax.repeat 0uy (sz 1024) in - let commitment_serialized:t_Array u8 (sz 1024) = + let commitment_serialized:t_Array u8 (mk_usize 1024) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 1024) + in + let commitment_serialized:t_Array u8 (mk_usize 1024) = Libcrux_ml_dsa.Encoding.Commitment.serialize_vector #v_SIMDUnit v_COMMITMENT_RING_ELEMENT_SIZE (t1 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) @@ -998,14 +1049,14 @@ let verify_internal shake (commitment_serialized <: t_Slice u8) in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake recomputed_commitment_hash in let shake:v_Shake256Xof = tmp0 in - let recomputed_commitment_hash:t_Array u8 (sz 64) = tmp1 in + let recomputed_commitment_hash:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let _:Prims.unit = () in if deserialized_commitment_hash =. recomputed_commitment_hash 
@@ -1049,8 +1100,8 @@ let sign_pre_hashed_mut Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then @@ -1061,7 +1112,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) else let pre_hash_buffer:t_Slice u8 = @@ -1076,16 +1127,16 @@ let sign_pre_hashed_mut (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key pre_hash_buffer 
@@ -1094,13 +1145,13 @@ let sign_pre_hashed_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in pre_hash_buffer, signature, hax_temp_output <: - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> pre_hash_buffer, @@ -1112,7 +1163,7 @@ let sign_pre_hashed_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign_pre_hashed 
@@ -1139,41 +1190,41 @@ let sign_pre_hashed Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (#[FStar.Tactics.Typeclasses.tcresolve ()] i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 4627) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 4627) () in - let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (sz 4627) & + let tmp0, tmp1, out:(t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_pre_hashed_mut #v_SIMDUnit #v_Sampler #v_Shake128 #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 #v_PH signing_key message context pre_hash_buffer randomness signature.Libcrux_ml_dsa.Types.f_value in let pre_hash_buffer:t_Slice u8 = tmp0 in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = { signature with Libcrux_ml_dsa.Types.f_value = tmp1 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) in - let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError = match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result 
(Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let sign_mut @@ -1195,19 +1246,19 @@ let sign_mut i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError with | Core.Result.Result_Ok dsc -> let domain_separation_context:Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext = dsc in - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_internal #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message 
@@ -1216,11 +1267,12 @@ let sign_mut Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) randomness signature in - let signature:t_Array u8 (sz 4627) = tmp0 in + let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in signature, hax_temp_output <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) | Core.Result.Result_Err _ -> signature, (Core.Result.Result_Err @@ -1228,7 +1280,8 @@ let sign_mut <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) <: - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) let sign (#v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4: Type0) 
@@ -1249,31 +1302,31 @@ let sign i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = - Libcrux_ml_dsa.Types.impl_4__zero (sz 4627) () + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = + Libcrux_ml_dsa.Types.impl_4__zero (mk_usize 4627) () in - let tmp0, out:(t_Array u8 (sz 4627) & + let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = sign_mut #v_SIMDUnit #v_Sampler #v_Shake128X4 #v_Shake256 #v_Shake256Xof #v_Shake256X4 signing_key message context randomness signature.Libcrux_ml_dsa.Types.f_value in - let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) = + let signature:Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) = { signature with Libcrux_ml_dsa.Types.f_value = tmp0 } <: - Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627) + Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627) in match out <: Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError with | Core.Result.Result_Ok _ -> Core.Result.Result_Ok signature <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError | Core.Result.Result_Err e -> Core.Result.Result_Err e <: - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError let verify 
@@ -1291,13 +1344,13 @@ let verify (#[FStar.Tactics.Typeclasses.tcresolve ()] i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = match Libcrux_ml_dsa.Pre_hash.impl_1__new context - (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (sz 11))) + (Core.Option.Option_None <: Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError @@ -1342,9 +1395,9 @@ let verify_pre_hashed i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof) (#[FStar.Tactics.Typeclasses.tcresolve ()] i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH) - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = let pre_hash_buffer:t_Slice u8 = Libcrux_ml_dsa.Pre_hash.f_hash #v_PH @@ -1358,9 +1411,9 @@ let verify_pre_hashed (Core.Option.Option_Some (Libcrux_ml_dsa.Pre_hash.f_oid #v_PH #FStar.Tactics.Typeclasses.solve () <: - t_Array u8 (sz 11)) + t_Array u8 (mk_usize 11)) <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: Core.Result.t_Result Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext Libcrux_ml_dsa.Pre_hash.t_DomainSeparationError diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti index bebc865cf..74c0f1c06 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fsti @@ -62,7 +62,7 @@ val generate_key_pair {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -77,10 +77,11 @@ val sign_internal (signing_key message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -94,11 +95,11 @@ val verify_internal {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key: t_Array u8 (sz 2592)) + (verification_key: t_Array u8 (mk_usize 2592)) (message: t_Slice u8) (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -115,10 +116,10 @@ val sign_pre_hashed_mut {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Slice u8 & t_Array u8 (sz 4627) & + (t_Slice u8 & t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) @@ -135,10 +136,10 @@ val sign_pre_hashed {| i14: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} {| i15: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} (signing_key message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_mut @@ -150,10 +151,11 @@ val sign_mut {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) - (signature: t_Array u8 (sz 4627)) + (randomness: t_Array u8 (mk_usize 32)) + (signature: t_Array u8 (mk_usize 4627)) : Prims.Pure - (t_Array u8 (sz 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) + (t_Array u8 (mk_usize 4627) & + Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) 
@@ -166,9 +168,9 @@ val sign {| i10: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (signing_key message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify @@ -178,9 +180,9 @@ val verify {| i7: Libcrux_ml_dsa.Hash_functions.Shake128.t_XofX4 v_Shake128X4 |} {| i8: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i9: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) @@ -194,9 +196,9 @@ val verify_pre_hashed {| i11: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i12: Libcrux_ml_dsa.Hash_functions.Shake256.t_Xof v_Shake256Xof |} {| i13: Libcrux_ml_dsa.Pre_hash.t_PreHash v_PH |} - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst index 6b04e42e0..fd2e7ffec 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fst 
@@ -4,51 +4,51 @@ open Core open FStar.Mul let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) = - let signing_key, verification_key:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let signing_key, verification_key:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = if Libcrux_platform.Platform.simd256_support () then - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) else if Libcrux_platform.Platform.simd128_support () then - let tmp0, tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) else - let tmp0, 
tmp1:(t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 2560) = tmp0 in - let verification_key:t_Array u8 (sz 1312) = tmp1 in + let signing_key:t_Array u8 (mk_usize 2560) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1312) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) in - signing_key, verification_key <: (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) + signing_key, verification_key <: (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) let sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -70,17 +70,17 @@ let sign randomness let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = if Libcrux_platform.Platform.simd256_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.sign_pre_hashed_shake128 signing_key message 
@@ -92,13 +92,13 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) else if Libcrux_platform.Platform.simd128_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_44_.sign_pre_hashed_shake128 signing_key message @@ -110,11 +110,11 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) else let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_44_.sign_pre_hashed_shake128 signing_key message 
@@ -126,19 +126,19 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = if Libcrux_platform.Platform.simd256_support () then @@ -160,9 +160,9 @@ let verify signature_serialized let verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti index 86e20ee9e..f83ef426d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_44_.fsti 
@@ -4,40 +4,42 @@ open Core open FStar.Mul val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 2560)) - (verification_key: t_Array u8 (sz 1312)) - : Prims.Pure (t_Array u8 (sz 2560) & t_Array u8 (sz 1312)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 2560)) + (verification_key: t_Array u8 (mk_usize 1312)) + : Prims.Pure (t_Array u8 (mk_usize 2560) & t_Array u8 (mk_usize 1312)) + Prims.l_True + (fun _ -> Prims.l_True) val sign - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 2560)) + (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 2420)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1312)) + (verification_key_serialized: t_Array u8 (mk_usize 1312)) (message context 
pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 2420)) + (signature_serialized: t_Array u8 (mk_usize 2420)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst index b6a00d573..6e4277066 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fst 
@@ -4,51 +4,51 @@ open Core open FStar.Mul let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) = - let signing_key, verification_key:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let signing_key, verification_key:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = if Libcrux_platform.Platform.simd256_support () then - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) else if Libcrux_platform.Platform.simd128_support () then - let tmp0, tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) else - let tmp0, 
tmp1:(t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4032) = tmp0 in - let verification_key:t_Array u8 (sz 1952) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4032) = tmp0 in + let verification_key:t_Array u8 (mk_usize 1952) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) in - signing_key, verification_key <: (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) let sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -70,17 +70,17 @@ let sign randomness let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = if Libcrux_platform.Platform.simd256_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.sign_pre_hashed_shake128 signing_key message 
@@ -92,13 +92,13 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) else if Libcrux_platform.Platform.simd128_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_65_.sign_pre_hashed_shake128 signing_key message @@ -110,11 +110,11 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) else let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_65_.sign_pre_hashed_shake128 signing_key message 
@@ -126,19 +126,19 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = if Libcrux_platform.Platform.simd256_support () then @@ -160,9 +160,9 @@ let verify signature_serialized let verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti index c19ae6a03..e7b002766 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_65_.fsti 
@@ -4,40 +4,42 @@ open Core open FStar.Mul val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4032)) - (verification_key: t_Array u8 (sz 1952)) - : Prims.Pure (t_Array u8 (sz 4032) & t_Array u8 (sz 1952)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4032)) + (verification_key: t_Array u8 (mk_usize 1952)) + : Prims.Pure (t_Array u8 (mk_usize 4032) & t_Array u8 (mk_usize 1952)) + Prims.l_True + (fun _ -> Prims.l_True) val sign - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4032)) + (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 3309)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 1952)) + (verification_key_serialized: t_Array u8 (mk_usize 1952)) (message context 
pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 3309)) + (signature_serialized: t_Array u8 (mk_usize 3309)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst index 5e27cee1a..1ce540a7a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fst 
@@ -4,51 +4,51 @@ open Core open FStar.Mul let generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) = - let signing_key, verification_key:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let signing_key, verification_key:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = if Libcrux_platform.Platform.simd256_support () then - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) else if Libcrux_platform.Platform.simd128_support () then - let tmp0, tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) else - let tmp0, 
tmp1:(t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) = + let tmp0, tmp1:(t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.generate_key_pair randomness signing_key verification_key in - let signing_key:t_Array u8 (sz 4896) = tmp0 in - let verification_key:t_Array u8 (sz 2592) = tmp1 in + let signing_key:t_Array u8 (mk_usize 4896) = tmp0 in + let verification_key:t_Array u8 (mk_usize 2592) = tmp1 in let _:Prims.unit = () in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) in - signing_key, verification_key <: (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) + signing_key, verification_key <: (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) let sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then @@ -70,17 +70,17 @@ let sign randomness let sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = if Libcrux_platform.Platform.simd256_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.sign_pre_hashed_shake128 signing_key message 
@@ -92,13 +92,13 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) else if Libcrux_platform.Platform.simd128_support () then let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Neon.Ml_dsa_87_.sign_pre_hashed_shake128 signing_key message @@ -110,11 +110,11 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) else let tmp0, out:(t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Portable.Ml_dsa_87_.sign_pre_hashed_shake128 signing_key message 
@@ -126,19 +126,19 @@ let sign_pre_hashed_shake128 pre_hash_buffer, out <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) in pre_hash_buffer, hax_temp_output <: (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) let verify - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = if Libcrux_platform.Platform.simd256_support () then @@ -160,9 +160,9 @@ let verify signature_serialized let verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) = let pre_hash_buffer, hax_temp_output:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti index d90ff6e68..a0c2a3c37 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Multiplexing.Ml_dsa_87_.fsti 
@@ -4,40 +4,42 @@ open Core open FStar.Mul val generate_key_pair - (randomness: t_Array u8 (sz 32)) - (signing_key: t_Array u8 (sz 4896)) - (verification_key: t_Array u8 (sz 2592)) - : Prims.Pure (t_Array u8 (sz 4896) & t_Array u8 (sz 2592)) Prims.l_True (fun _ -> Prims.l_True) + (randomness: t_Array u8 (mk_usize 32)) + (signing_key: t_Array u8 (mk_usize 4896)) + (verification_key: t_Array u8 (mk_usize 2592)) + : Prims.Pure (t_Array u8 (mk_usize 4896) & t_Array u8 (mk_usize 2592)) + Prims.l_True + (fun _ -> Prims.l_True) val sign - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure - (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val sign_pre_hashed_shake128 - (signing_key: t_Array u8 (sz 4896)) + (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) : Prims.Pure (t_Slice u8 & - Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (sz 4627)) + Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) val verify - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True (fun _ -> Prims.l_True) val verify_pre_hashed_shake128 - (verification_key_serialized: t_Array u8 (sz 2592)) + (verification_key_serialized: t_Array u8 (mk_usize 2592)) (message context 
pre_hash_buffer: t_Slice u8) - (signature_serialized: t_Array u8 (sz 4627)) + (signature_serialized: t_Array u8 (mk_usize 4627)) : Prims.Pure (t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) Prims.l_True diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst index b39dcc686..0f4b55c8e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fst @@ -18,14 +18,15 @@ let derive_message_representative (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) (message: t_Slice u8) - (message_representative: t_Array u8 (sz 64)) + (message_representative: t_Array u8 (mk_usize 64)) = let _:Prims.unit = if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 verification_key_hash <: usize) =. sz 64 <: bool - ) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 verification_key_hash <: usize) =. mk_usize 64 + <: + bool) in () in @@ -51,10 +52,10 @@ let derive_message_representative shake ((let list = [ - cast (Core.Option.impl__is_some #(t_Array u8 (sz 11)) + cast (Core.Option.impl__is_some #(t_Array u8 (mk_usize 11)) (Libcrux_ml_dsa.Pre_hash.impl_1__pre_hash_oid domain_separation_context <: - Core.Option.t_Option (t_Array u8 (sz 11))) + Core.Option.t_Option (t_Array u8 (mk_usize 11))) <: bool) <: @@ -96,7 +97,7 @@ let derive_message_representative (match Libcrux_ml_dsa.Pre_hash.impl_1__pre_hash_oid domain_separation_context <: - Core.Option.t_Option (t_Array u8 (sz 11)) + Core.Option.t_Option (t_Array u8 (mk_usize 11)) with | Core.Option.Option_Some pre_hash_oid -> Libcrux_ml_dsa.Hash_functions.Shake256.f_absorb #v_Shake256Xof 
@@ -112,13 +113,13 @@ let derive_message_representative shake message in - let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (sz 64)) = + let tmp0, tmp1:(v_Shake256Xof & t_Array u8 (mk_usize 64)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze #v_Shake256Xof #FStar.Tactics.Typeclasses.solve shake message_representative in let shake:v_Shake256Xof = tmp0 in - let message_representative:t_Array u8 (sz 64) = tmp1 in + let message_representative:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in message_representative diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti index 731a25876..1ba045697 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.fsti @@ -33,5 +33,5 @@ val derive_message_representative (domain_separation_context: Core.Option.t_Option Libcrux_ml_dsa.Pre_hash.t_DomainSeparationContext) (message: t_Slice u8) - (message_representative: t_Array u8 (sz 64)) - : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) + (message_representative: t_Array u8 (mk_usize 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst index 75ba16f21..b03014bde 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ntt.fst 
@@ -59,7 +59,7 @@ let ntt_multiply_montgomery (lhs rhs: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = let lhs:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (lhs.Libcrux_ml_dsa.Polynomial.f_simd_units <: t_Slice v_SIMDUnit) <: @@ -86,7 +86,7 @@ let ntt_multiply_montgomery <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst index 0ce22c939..44ebea6fb 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fst @@ -56,7 +56,7 @@ let impl__zero () <: v_SIMDUnit) - (sz 32) + (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit @@ -68,16 +68,16 @@ let impl__to_i32_array Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (self: t_PolynomialRingElement v_SIMDUnit) = - let result:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in - let result:t_Array i32 (sz 256) = + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) in + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.Folds.fold_enumerated_slice (self.f_simd_units <: t_Slice v_SIMDUnit) (fun result temp_1_ -> - let result:t_Array i32 (sz 256) = result in + let result:t_Array i32 (mk_usize 256) = result in let _:usize = temp_1_ in true) result (fun result temp_1_ -> - let result:t_Array i32 (sz 256) = result in + let result:t_Array i32 (mk_usize 256) = result in let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_range result ({ 
@@ -86,7 +86,7 @@ let impl__to_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + (i +! mk_usize 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize } @@ -101,7 +101,8 @@ let impl__to_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + (i +! mk_usize 1 <: usize) *! + Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize } @@ -112,7 +113,7 @@ let impl__to_i32_array <: t_Slice i32) <: - t_Array i32 (sz 256)) + t_Array i32 (mk_usize 256)) in result @@ -128,12 +129,12 @@ let impl__from_i32_array if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #i32 array <: usize) >=. sz 256 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #i32 array <: usize) >=. mk_usize 256 <: bool) in () in let result:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_dsa.Simd.Traits.v_SIMD_UNITS_IN_RING_ELEMENT (fun result temp_1_ -> let result:t_PolynomialRingElement v_SIMDUnit = result in @@ -157,7 +158,7 @@ let impl__from_i32_array i *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! + (i +! mk_usize 1 <: usize) *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT <: usize @@ -170,7 +171,7 @@ let impl__from_i32_array <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit) 
@@ -187,7 +188,7 @@ let impl__infinity_norm_exceeds = let result:bool = false in let result:bool = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (self.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun result temp_1_ -> let result:bool = result in @@ -215,7 +216,7 @@ let impl__add (self rhs: t_PolynomialRingElement v_SIMDUnit) = let self:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (self.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun self temp_1_ -> let self:t_PolynomialRingElement v_SIMDUnit = self in @@ -238,7 +239,7 @@ let impl__add <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit) @@ -253,7 +254,7 @@ let impl__subtract (self rhs: t_PolynomialRingElement v_SIMDUnit) = let self:t_PolynomialRingElement v_SIMDUnit = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_SIMDUnit (self.f_simd_units <: t_Slice v_SIMDUnit) <: usize) (fun self temp_1_ -> let self:t_PolynomialRingElement v_SIMDUnit = self in @@ -276,7 +277,7 @@ let impl__subtract <: v_SIMDUnit) <: - t_Array v_SIMDUnit (sz 32) + t_Array v_SIMDUnit (mk_usize 32) } <: t_PolynomialRingElement v_SIMDUnit) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti index 96754394f..86724ea22 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Polynomial.fsti 
@@ -11,7 +11,7 @@ let _ = type t_PolynomialRingElement (v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} - = { f_simd_units:t_Array v_SIMDUnit (sz 32) } + = { f_simd_units:t_Array v_SIMDUnit (mk_usize 32) } [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_1 @@ -37,7 +37,7 @@ val impl__to_i32_array (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (self: t_PolynomialRingElement v_SIMDUnit) - : Prims.Pure (t_Array i32 (sz 256)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i32 (mk_usize 256)) Prims.l_True (fun _ -> Prims.l_True) val impl__from_i32_array (#v_SIMDUnit: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst index 9e453aac7..b61a23230 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fst @@ -13,7 +13,7 @@ let _ = let impl: t_PreHash t_SHAKE128_PH = { f_oid_pre = (fun (_: Prims.unit) -> true); - f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (sz 11)) -> true); + f_oid_post = (fun (_: Prims.unit) (out: t_Array u8 (mk_usize 11)) -> true); f_oid = (fun (_: Prims.unit) -> v_SHAKE128_OID); f_hash_pre = @@ -52,7 +52,7 @@ let impl: t_PreHash t_SHAKE128_PH = if true then let _:Prims.unit = - match Core.Slice.impl__len #u8 output, sz 256 <: (usize & usize) with + match Core.Slice.impl__len #u8 output, mk_usize 256 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. right_val <: bool) in () 
@@ -67,9 +67,12 @@ let impl: t_PreHash t_SHAKE128_PH = } let t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) = - match x <: t_DomainSeparationError with | DomainSeparationError_ContextTooLongError -> isz 0 + match x <: t_DomainSeparationError with | DomainSeparationError_ContextTooLongError -> mk_isize 0 -let impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) = +let impl_1__new + (context: t_Slice u8) + (pre_hash_oid: Core.Option.t_Option (t_Array u8 (mk_usize 11))) + = if (Core.Slice.impl__len #u8 context <: usize) >. Libcrux_ml_dsa.Constants.v_CONTEXT_MAX_LEN then Core.Result.Result_Err (DomainSeparationError_ContextTooLongError <: t_DomainSeparationError) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti index f7b67d9a2..27c1c846a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Pre_hash.fsti @@ -9,13 +9,13 @@ let _ = let open Libcrux_ml_dsa.Hash_functions.Shake128 in () -let v_PRE_HASH_OID_LEN: usize = sz 11 +let v_PRE_HASH_OID_LEN: usize = mk_usize 11 class t_PreHash (v_Self: Type0) = { f_oid_pre:Prims.unit -> Type0; - f_oid_post:Prims.unit -> t_Array u8 (sz 11) -> Type0; + f_oid_post:Prims.unit -> t_Array u8 (mk_usize 11) -> Type0; f_oid:x0: Prims.unit - -> Prims.Pure (t_Array u8 (sz 11)) (f_oid_pre x0) (fun result -> f_oid_post x0 result); + -> Prims.Pure (t_Array u8 (mk_usize 11)) (f_oid_pre x0) (fun result -> f_oid_post x0 result); f_hash_pre: #v_Shake128: Type0 -> {| i1: Libcrux_ml_dsa.Hash_functions.Shake128.t_Xof v_Shake128 |} -> 
@@ -43,8 +43,13 @@ class t_PreHash (v_Self: Type0) = { /// digest length 256 bytes. type t_SHAKE128_PH = | SHAKE128_PH : t_SHAKE128_PH -let v_SHAKE128_OID: t_Array u8 (sz 11) = - let list = [6uy; 9uy; 96uy; 134uy; 72uy; 1uy; 101uy; 3uy; 4uy; 2uy; 11uy] in +let v_SHAKE128_OID: t_Array u8 (mk_usize 11) = + let list = + [ + mk_u8 6; mk_u8 9; mk_u8 96; mk_u8 134; mk_u8 72; mk_u8 1; mk_u8 101; mk_u8 3; mk_u8 4; mk_u8 2; + mk_u8 11 + ] + in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 11); Rust_primitives.Hax.array_of_list 11 list @@ -55,7 +60,7 @@ val impl:t_PreHash t_SHAKE128_PH /// the hash function or XOF used for pre-hashing. type t_DomainSeparationContext = { f_context:t_Slice u8; - f_pre_hash_oid:Core.Option.t_Option (t_Array u8 (sz 11)) + f_pre_hash_oid:Core.Option.t_Option (t_Array u8 (mk_usize 11)) } type t_DomainSeparationError = | DomainSeparationError_ContextTooLongError : t_DomainSeparationError @@ -64,7 +69,9 @@ val t_DomainSeparationError_cast_to_repr (x: t_DomainSeparationError) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) /// `context` must be at most 255 bytes long. -val impl_1__new (context: t_Slice u8) (pre_hash_oid: Core.Option.t_Option (t_Array u8 (sz 11))) +val impl_1__new + (context: t_Slice u8) + (pre_hash_oid: Core.Option.t_Option (t_Array u8 (mk_usize 11))) : Prims.Pure (Core.Result.t_Result t_DomainSeparationContext t_DomainSeparationError) Prims.l_True (fun _ -> Prims.l_True) @@ -75,7 +82,9 @@ val impl_1__context (self: t_DomainSeparationContext) /// Returns the pre-hash OID, if any. val impl_1__pre_hash_oid (self: t_DomainSeparationContext) - : Prims.Pure (Core.Option.t_Option (t_Array u8 (sz 11))) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (Core.Option.t_Option (t_Array u8 (mk_usize 11))) + Prims.l_True + (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_2:Core.Convert.t_From Libcrux_ml_dsa.Types.t_SigningError t_DomainSeparationError 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst index 074861a3d..0e2c1f538 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst @@ -18,19 +18,23 @@ let rejection_sample_less_than_field_modulus Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) + (out: t_Array i32 (mk_usize 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (mk_usize 24) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Slice.Iter.t_ChunksExact u8) - (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = + temp_0_ + in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -44,7 +48,7 @@ let rejection_sample_less_than_field_modulus <: t_Slice i32) in - let out:t_Array i32 (sz 263) = + let out:t_Array i32 (mk_usize 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: 
@@ -56,29 +60,29 @@ let rejection_sample_less_than_field_modulus if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let generate_domain_separator (row, column: (u8 & u8)) = - (cast (column <: u8) <: u16) |. ((cast (row <: u8) <: u16) <>! 8l <: u16) <: u8) + (mk_usize 33) + (cast (domain_separator >>! mk_i32 8 <: u16) <: u8) in out 
@@ -116,31 +120,37 @@ let sample_up_to_four_ring_elements_flat (columns: usize) (seed: t_Slice u8) (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840)) - (tmp_stack: t_Slice (t_Array i32 (sz 263))) + (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (mk_usize 840)) + (tmp_stack: t_Slice (t_Array i32 (mk_usize 263))) (start_index elements_requested: usize) = let _:Prims.unit = if true then - let _:Prims.unit = Hax_lib.v_assert (elements_requested <=. sz 4 <: bool) in + let _:Prims.unit = Hax_lib.v_assert (elements_requested <=. mk_usize 4 <: bool) in () in - let seed0:t_Array u8 (sz 34) = + let seed0:t_Array u8 (mk_usize 34) = add_domain_separator seed (sample_up_to_four_ring_elements_flat__xy start_index columns <: (u8 & u8)) in - let seed1:t_Array u8 (sz 34) = + let seed1:t_Array u8 (mk_usize 34) = add_domain_separator seed - (sample_up_to_four_ring_elements_flat__xy (start_index +! sz 1 <: usize) columns <: (u8 & u8)) + (sample_up_to_four_ring_elements_flat__xy (start_index +! mk_usize 1 <: usize) columns + <: + (u8 & u8)) in - let seed2:t_Array u8 (sz 34) = + let seed2:t_Array u8 (mk_usize 34) = add_domain_separator seed - (sample_up_to_four_ring_elements_flat__xy (start_index +! sz 2 <: usize) columns <: (u8 & u8)) + (sample_up_to_four_ring_elements_flat__xy (start_index +! mk_usize 2 <: usize) columns + <: + (u8 & u8)) in - let seed3:t_Array u8 (sz 34) = + let seed3:t_Array u8 (mk_usize 34) = add_domain_separator seed - (sample_up_to_four_ring_elements_flat__xy (start_index +! sz 3 <: usize) columns <: (u8 & u8)) + (sample_up_to_four_ring_elements_flat__xy (start_index +! mk_usize 3 <: usize) columns + <: + (u8 & u8)) in let state:v_Shake128 = Libcrux_ml_dsa.Hash_functions.Shake128.f_init_absorb #v_Shake128 
@@ -150,9 +160,10 @@ let sample_up_to_four_ring_elements_flat (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) in - let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (sz 840) & t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840)) = + let tmp0, tmp1, tmp2, tmp3, tmp4:(v_Shake128 & t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840)) = Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_first_five_blocks #v_Shake128 #FStar.Tactics.Typeclasses.solve state 
@@ -162,57 +173,57 @@ let sample_up_to_four_ring_elements_flat rand_stack3 in let state:v_Shake128 = tmp0 in - let rand_stack0:t_Array u8 (sz 840) = tmp1 in - let rand_stack1:t_Array u8 (sz 840) = tmp2 in - let rand_stack2:t_Array u8 (sz 840) = tmp3 in - let rand_stack3:t_Array u8 (sz 840) = tmp4 in + let rand_stack0:t_Array u8 (mk_usize 840) = tmp1 in + let rand_stack1:t_Array u8 (mk_usize 840) = tmp2 in + let rand_stack2:t_Array u8 (mk_usize 840) = tmp3 in + let rand_stack3:t_Array u8 (mk_usize 840) = tmp4 in let _:Prims.unit = () in - let sampled0:usize = sz 0 in - let sampled1:usize = sz 0 in - let sampled2:usize = sz 0 in - let sampled3:usize = sz 0 in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let sampled0:usize = mk_usize 0 in + let sampled1:usize = mk_usize 0 in + let sampled2:usize = mk_usize 0 in + let sampled3:usize = mk_usize 0 in + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack0 <: t_Slice u8) sampled0 - (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 0) tmp1 in let done0:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack1 <: t_Slice u8) sampled1 - (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 + let tmp_stack:t_Slice 
(t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 1) tmp1 in let done1:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack2 <: t_Slice u8) sampled2 - (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 2) tmp1 in let done2:bool = out in - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (rand_stack3 <: t_Slice u8) sampled3 - (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (mk_usize 3) tmp1 in let done3:bool = out in let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & @@ -224,7 +235,7 @@ let sample_up_to_four_ring_elements_flat usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) = + t_Slice (t_Array i32 (mk_usize 263))) = Rust_primitives.f_while_loop (fun temp_0_ -> let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & bool & 
@@ -235,14 +246,14 @@ let sample_up_to_four_ring_elements_flat usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) = + t_Slice (t_Array i32 (mk_usize 263))) = temp_0_ in (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool)) (done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack <: (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263)))) + t_Slice (t_Array i32 (mk_usize 263)))) (fun temp_0_ -> let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & bool & 
@@ -253,97 +264,106 @@ let sample_up_to_four_ring_elements_flat usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) = + t_Slice (t_Array i32 (mk_usize 263))) = temp_0_ in let tmp0, out:(v_Shake128 & - (t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168))) - = + (t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168))) = Libcrux_ml_dsa.Hash_functions.Shake128.f_squeeze_next_block #v_Shake128 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake128 = tmp0 in - let randomnesses:(t_Array u8 (sz 168) & t_Array u8 (sz 168) & t_Array u8 (sz 168) & - t_Array u8 (sz 168)) = + let randomnesses:(t_Array u8 (mk_usize 168) & t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168) & + t_Array u8 (mk_usize 168)) = out in - let done0, sampled0, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + let done0, sampled0, tmp_stack:(bool & usize & t_Slice (t_Array i32 (mk_usize 263))) = if ~.done0 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._1 <: t_Slice u8) sampled0 - (tmp_stack.[ sz 0 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 0) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 0) + tmp1 in let done0:bool = out in - done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) - else done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + done0, sampled0, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) + else done0, sampled0, tmp_stack <: (bool & usize & t_Slice 
(t_Array i32 (mk_usize 263))) in - let done1, sampled1, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + let done1, sampled1, tmp_stack:(bool & usize & t_Slice (t_Array i32 (mk_usize 263))) = if ~.done1 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._2 <: t_Slice u8) sampled1 - (tmp_stack.[ sz 1 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 1) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 1) + tmp1 in let done1:bool = out in - done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) - else done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) + else done1, sampled1, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) in - let done2, sampled2, tmp_stack:(bool & usize & t_Slice (t_Array i32 (sz 263))) = + let done2, sampled2, tmp_stack:(bool & usize & t_Slice (t_Array i32 (mk_usize 263))) = if ~.done2 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._3 <: t_Slice u8) sampled2 - (tmp_stack.[ sz 2 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 2) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 2) + tmp1 in let done2:bool = out in - done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) - else done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (sz 263))) + done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) + else done2, sampled2, tmp_stack <: (bool & usize & t_Slice (t_Array i32 (mk_usize 263))) in if ~.done3 then - let tmp0, tmp1, out:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_field_modulus #v_SIMDUnit (randomnesses._4 <: t_Slice u8) sampled3 - (tmp_stack.[ sz 3 ] <: t_Array i32 (sz 263)) + (tmp_stack.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let tmp_stack:t_Slice (t_Array i32 (sz 263)) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack (sz 3) tmp1 + let tmp_stack:t_Slice (t_Array i32 (mk_usize 263)) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp_stack + (mk_usize 3) + tmp1 in let done3:bool = out in done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack <: (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263))) + t_Slice (t_Array i32 (mk_usize 263))) else done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack <: (bool & bool & bool & bool & usize & usize & usize & usize & v_Shake128 & - t_Slice (t_Array i32 (sz 263)))) + t_Slice (t_Array i32 (mk_usize 263)))) in let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) elements_requested (fun matrix temp_1_ -> let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = 
@@ -371,11 +391,12 @@ let sample_up_to_four_ring_elements_flat in matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack <: - (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Slice (t_Array i32 (sz 263))) + (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Slice (t_Array i32 (mk_usize 263))) let rejection_sample_less_than_eta_equals_2_ (#v_SIMDUnit: Type0) @@ -384,19 +405,23 @@ let rejection_sample_less_than_eta_equals_2_ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) + (out: t_Array i32 (mk_usize 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (mk_usize 4) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Slice.Iter.t_ChunksExact u8) - (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = + temp_0_ + in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then 
@@ -410,7 +435,7 @@ let rejection_sample_less_than_eta_equals_2_ <: t_Slice i32) in - let out:t_Array i32 (sz 263) = + let out:t_Array i32 (mk_usize 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: @@ -422,12 +447,12 @@ let rejection_sample_less_than_eta_equals_2_ if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let rejection_sample_less_than_eta_equals_4_ (#v_SIMDUnit: Type0) 
@@ -436,19 +461,23 @@ let rejection_sample_less_than_eta_equals_4_ Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit) (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) + (out: t_Array i32 (mk_usize 263)) = let done:bool = false in - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (mk_usize 4) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Slice.Iter.t_ChunksExact u8) - (done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + (done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) (fun temp_0_ random_bytes -> - let done, out, sampled_coefficients:(bool & t_Array i32 (sz 263) & usize) = temp_0_ in + let done, out, sampled_coefficients:(bool & t_Array i32 (mk_usize 263) & usize) = + temp_0_ + in let random_bytes:t_Slice u8 = random_bytes in if ~.done <: bool then @@ -462,7 +491,7 @@ let rejection_sample_less_than_eta_equals_4_ <: t_Slice i32) in - let out:t_Array i32 (sz 263) = + let out:t_Array i32 (mk_usize 263) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from out ({ Core.Ops.Range.f_start = sampled_coefficients } <: 
@@ -474,12 +503,12 @@ let rejection_sample_less_than_eta_equals_4_ if sampled_coefficients >=. Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let done:bool = true in - done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize) - else done, out, sampled_coefficients <: (bool & t_Array i32 (sz 263) & usize)) + done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize) + else done, out, sampled_coefficients <: (bool & t_Array i32 (mk_usize 263) & usize)) in let hax_temp_output:bool = done in - sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled_coefficients, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let rejection_sample_less_than_eta (#v_SIMDUnit: Type0) 
@@ -489,44 +518,44 @@ let rejection_sample_less_than_eta (eta: Libcrux_ml_dsa.Constants.t_Eta) (randomness: t_Slice u8) (sampled: usize) - (out: t_Array i32 (sz 263)) + (out: t_Array i32 (mk_usize 263)) = - let (out, sampled), hax_temp_output:((t_Array i32 (sz 263) & usize) & bool) = + let (out, sampled), hax_temp_output:((t_Array i32 (mk_usize 263) & usize) & bool) = match eta <: Libcrux_ml_dsa.Constants.t_Eta with | Libcrux_ml_dsa.Constants.Eta_Two -> - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta_equals_2_ #v_SIMDUnit randomness sampled out in let sampled:usize = tmp0 in - let out:t_Array i32 (sz 263) = tmp1 in - (out, sampled <: (t_Array i32 (sz 263) & usize)), out1 + let out:t_Array i32 (mk_usize 263) = tmp1 in + (out, sampled <: (t_Array i32 (mk_usize 263) & usize)), out1 <: - ((t_Array i32 (sz 263) & usize) & bool) + ((t_Array i32 (mk_usize 263) & usize) & bool) | Libcrux_ml_dsa.Constants.Eta_Four -> - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta_equals_4_ #v_SIMDUnit randomness sampled out in let sampled:usize = tmp0 in - let out:t_Array i32 (sz 263) = tmp1 in - (out, sampled <: (t_Array i32 (sz 263) & usize)), out1 + let out:t_Array i32 (mk_usize 263) = tmp1 in + (out, sampled <: (t_Array i32 (mk_usize 263) & usize)), out1 <: - ((t_Array i32 (sz 263) & usize) & bool) + ((t_Array i32 (mk_usize 263) & usize) & bool) in - sampled, out, hax_temp_output <: (usize & t_Array i32 (sz 263) & bool) + sampled, out, hax_temp_output <: (usize & t_Array i32 (mk_usize 263) & bool) let add_error_domain_separator (slice: t_Slice u8) (domain_separator: u16) = - let out:t_Array u8 (sz 66) = Rust_primitives.Hax.repeat 0uy (sz 66) in - let out:t_Array u8 (sz 66) = + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 
66) in + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: @@ -537,15 +566,15 @@ let add_error_domain_separator (slice: t_Slice u8) (domain_separator: u16) = <: t_Slice u8) in - let out:t_Array u8 (sz 66) = + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - (sz 64) + (mk_usize 64) (cast (domain_separator <: u16) <: u8) in - let out:t_Array u8 (sz 66) = + let out:t_Array u8 (mk_usize 66) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - (sz 65) - (cast (domain_separator >>! 8l <: u16) <: u8) + (mk_usize 65) + (cast (domain_separator >>! mk_i32 8 <: u16) <: u8) in out 
@@ -562,10 +591,16 @@ let sample_four_error_ring_elements (start_index: u16) (re: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - let seed0:t_Array u8 (sz 66) = add_error_domain_separator seed start_index in - let seed1:t_Array u8 (sz 66) = add_error_domain_separator seed (start_index +! 1us <: u16) in - let seed2:t_Array u8 (sz 66) = add_error_domain_separator seed (start_index +! 2us <: u16) in - let seed3:t_Array u8 (sz 66) = add_error_domain_separator seed (start_index +! 3us <: u16) in + let seed0:t_Array u8 (mk_usize 66) = add_error_domain_separator seed start_index in + let seed1:t_Array u8 (mk_usize 66) = + add_error_domain_separator seed (start_index +! mk_u16 1 <: u16) + in + let seed2:t_Array u8 (mk_usize 66) = + add_error_domain_separator seed (start_index +! mk_u16 2 <: u16) + in + let seed3:t_Array u8 (mk_usize 66) = + add_error_domain_separator seed (start_index +! mk_u16 3 <: u16) + in let state:v_Shake256 = Libcrux_ml_dsa.Hash_functions.Shake256.f_init_absorb_x4 #v_Shake256 #FStar.Tactics.Typeclasses.solve 
@@ -575,76 +610,80 @@ let sample_four_error_ring_elements (seed3 <: t_Slice u8) in let tmp0, out1:(v_Shake256 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) = + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_first_block_x4 #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomnesses:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & - t_Array u8 (sz 136)) = + let randomnesses:(t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136)) = out1 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0l (sz 263) <: t_Array i32 (sz 263)) - (sz 4) + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263) + <: + t_Array i32 (mk_usize 263)) + (mk_usize 4) in - let sampled0:usize = sz 0 in - let sampled1:usize = sz 0 in - let sampled2:usize = sz 0 in - let sampled3:usize = sz 0 in - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let sampled0:usize = mk_usize 0 in + let sampled1:usize = mk_usize 0 in + let sampled2:usize = mk_usize 0 in + let sampled3:usize = mk_usize 0 in + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._1 <: t_Slice u8) sampled0 - (out.[ sz 0 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 0) tmp1 in let done0:bool = out1 in 
- let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._2 <: t_Slice u8) sampled1 - (out.[ sz 1 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 1) tmp1 in let done1:bool = out1 in - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._3 <: t_Slice u8) sampled2 - (out.[ sz 2 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 2) tmp1 in let done2:bool = out1 in - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._4 <: t_Slice u8) sampled3 - (out.[ sz 3 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 3) tmp1 in let done3:bool = out1 in let done0, done1, done2, done3, out, sampled0, 
sampled1, sampled2, sampled3, state:(bool & bool & bool & bool & - t_Array (t_Array i32 (sz 263)) (sz 4) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & usize & usize & @@ -655,7 +694,7 @@ let sample_four_error_ring_elements bool & bool & bool & - t_Array (t_Array i32 (sz 263)) (sz 4) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & usize & usize & @@ -666,7 +705,9 @@ let sample_four_error_ring_elements (~.done0 <: bool) || (~.done1 <: bool) || (~.done2 <: bool) || (~.done3 <: bool)) (done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state <: - (bool & bool & bool & bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize & usize & usize & + (bool & bool & bool & bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & + usize & + usize & usize & v_Shake256)) (fun temp_0_ -> @@ -674,7 +715,7 @@ let sample_four_error_ring_elements bool & bool & bool & - t_Array (t_Array i32 (sz 263)) (sz 4) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & usize & usize & 
@@ -683,100 +724,121 @@ let sample_four_error_ring_elements temp_0_ in let tmp0, out1:(v_Shake256 & - (t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136))) - = + (t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136))) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_next_block_x4 #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomnesses:(t_Array u8 (sz 136) & t_Array u8 (sz 136) & t_Array u8 (sz 136) & - t_Array u8 (sz 136)) = + let randomnesses:(t_Array u8 (mk_usize 136) & t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136) & + t_Array u8 (mk_usize 136)) = out1 in - let done0, out, sampled0:(bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) = + let done0, out, sampled0:(bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize + ) = if ~.done0 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._1 <: t_Slice u8) sampled0 - (out.[ sz 0 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 0 ] <: t_Array i32 (mk_usize 263)) in let sampled0:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 0) tmp1 in let done0:bool = out1 in - done0, out, sampled0 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) - else done0, out, sampled0 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) + done0, out, sampled0 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) + else + done0, out, sampled0 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) in - let done1, out, sampled1:(bool & t_Array (t_Array i32 (sz 
263)) (sz 4) & usize) = + let done1, out, sampled1:(bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize + ) = if ~.done1 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._2 <: t_Slice u8) sampled1 - (out.[ sz 1 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 1 ] <: t_Array i32 (mk_usize 263)) in let sampled1:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 1) tmp1 in let done1:bool = out1 in - done1, out, sampled1 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) - else done1, out, sampled1 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) + done1, out, sampled1 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) + else + done1, out, sampled1 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) in - let done2, out, sampled2:(bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) = + let done2, out, sampled2:(bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize + ) = if ~.done2 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._3 <: t_Slice u8) sampled2 - (out.[ sz 2 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 2 ] <: t_Array i32 (mk_usize 263)) in let sampled2:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 2) tmp1 in let done2:bool = 
out1 in - done2, out, sampled2 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) - else done2, out, sampled2 <: (bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize) + done2, out, sampled2 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) + else + done2, out, sampled2 + <: + (bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize) in if ~.done3 then - let tmp0, tmp1, out1:(usize & t_Array i32 (sz 263) & bool) = + let tmp0, tmp1, out1:(usize & t_Array i32 (mk_usize 263) & bool) = rejection_sample_less_than_eta #v_SIMDUnit eta (randomnesses._4 <: t_Slice u8) sampled3 - (out.[ sz 3 ] <: t_Array i32 (sz 263)) + (out.[ mk_usize 3 ] <: t_Array i32 (mk_usize 263)) in let sampled3:usize = tmp0 in - let out:t_Array (t_Array i32 (sz 263)) (sz 4) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) tmp1 + let out:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (mk_usize 3) tmp1 in let done3:bool = out1 in done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state <: - (bool & bool & bool & bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize & usize & + (bool & bool & bool & bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & + usize & usize & usize & v_Shake256) else done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state <: - (bool & bool & bool & bool & t_Array (t_Array i32 (sz 263)) (sz 4) & usize & usize & + (bool & bool & bool & bool & t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) & usize & + usize & usize & usize & v_Shake256)) in - let max:usize = (cast (start_index <: u16) <: usize) +! sz 4 in + let max:usize = (cast (start_index <: u16) <: usize) +! mk_usize 4 in let max:usize = if (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) re 
@@ -800,7 +862,7 @@ let sample_four_error_ring_elements Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re i (Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit - (out.[ i %! sz 4 <: usize ] <: t_Slice i32) + (out.[ i %! mk_usize 4 <: usize ] <: t_Slice i32) (re.[ i ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -817,18 +879,18 @@ let sample_mask_ring_element (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256) - (seed: t_Array u8 (sz 66)) + (seed: t_Array u8 (mk_usize 66)) (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (gamma1_exponent: usize) = let result:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> - let out:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out:t_Array u8 (sz 576) = + | Rust_primitives.Integers.MkInt 17 -> + let out:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out:t_Array u8 (mk_usize 576) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (sz 576) + (mk_usize 576) (seed <: t_Slice u8) out in @@ -839,12 +901,12 @@ let sample_mask_ring_element result in result - | 19uy -> - let out:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let out:t_Array u8 (sz 640) = + | Rust_primitives.Integers.MkInt 19 -> + let out:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out:t_Array u8 (mk_usize 640) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256 #v_Shake256 #FStar.Tactics.Typeclasses.solve - (sz 640) + (mk_usize 640) (seed <: t_Slice u8) out in 
@@ -871,7 +933,7 @@ let sample_mask_vector i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4) (dimension gamma1_exponent: usize) - (seed: t_Array u8 (sz 64)) + (seed: t_Array u8 (mk_usize 64)) (domain_separator: u16) (mask: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = 
@@ -879,134 +941,138 @@ let sample_mask_vector if true then let _:Prims.unit = - Hax_lib.v_assert ((dimension =. sz 4 <: bool) || (dimension =. sz 5 <: bool) || - (dimension =. sz 7 <: bool)) + Hax_lib.v_assert ((dimension =. mk_usize 4 <: bool) || (dimension =. mk_usize 5 <: bool) || + (dimension =. mk_usize 7 <: bool)) in () in - let seed0:t_Array u8 (sz 66) = add_error_domain_separator (seed <: t_Slice u8) domain_separator in - let seed1:t_Array u8 (sz 66) = - add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! 1us <: u16) + let seed0:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) domain_separator + in + let seed1:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! mk_u16 1 <: u16) in - let seed2:t_Array u8 (sz 66) = - add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! 2us <: u16) + let seed2:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! mk_u16 2 <: u16) in - let seed3:t_Array u8 (sz 66) = - add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! 3us <: u16) + let seed3:t_Array u8 (mk_usize 66) = + add_error_domain_separator (seed <: t_Slice u8) (domain_separator +! mk_u16 3 <: u16) in - let domain_separator:u16 = domain_separator +! 4us in + let domain_separator:u16 = domain_separator +! 
mk_u16 4 in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> - let out0:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out1:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out2:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let out3:t_Array u8 (sz 576) = Rust_primitives.Hax.repeat 0uy (sz 576) in - let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (sz 576) & t_Array u8 (sz 576) & t_Array u8 (sz 576) & - t_Array u8 (sz 576)) = + | Rust_primitives.Integers.MkInt 17 -> + let out0:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out1:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out2:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let out3:t_Array u8 (mk_usize 576) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 576) in + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (mk_usize 576) & t_Array u8 (mk_usize 576) & + t_Array u8 (mk_usize 576) & + t_Array u8 (mk_usize 576)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256_x4 #v_Shake256X4 - #FStar.Tactics.Typeclasses.solve (sz 576) (seed0 <: t_Slice u8) (seed1 <: t_Slice u8) - (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 + #FStar.Tactics.Typeclasses.solve (mk_usize 576) (seed0 <: t_Slice u8) + (seed1 <: t_Slice u8) (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 in - let out0:t_Array u8 (sz 576) = tmp0 in - let out1:t_Array u8 (sz 576) = tmp1 in - let out2:t_Array u8 (sz 576) = tmp2 in - let out3:t_Array u8 (sz 576) = tmp3 in + let out0:t_Array u8 (mk_usize 576) = tmp0 in + let out1:t_Array u8 (mk_usize 576) = tmp1 in + let out2:t_Array u8 (mk_usize 576) = tmp2 in + let out3:t_Array u8 (mk_usize 576) = tmp3 in let _:Prims.unit = () in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 0) + (mk_usize 0) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out0 <: t_Slice u8) - (mask.[ sz 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 1) + (mk_usize 1) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out1 <: t_Slice u8) - (mask.[ sz 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 2) + (mk_usize 2) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out2 <: t_Slice u8) - (mask.[ sz 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 3) + (mk_usize 3) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out3 <: t_Slice u8) - (mask.[ sz 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in mask - | 19uy -> - let out0:t_Array u8 (sz 640) = 
Rust_primitives.Hax.repeat 0uy (sz 640) in - let out1:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let out2:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let out3:t_Array u8 (sz 640) = Rust_primitives.Hax.repeat 0uy (sz 640) in - let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (sz 640) & t_Array u8 (sz 640) & t_Array u8 (sz 640) & - t_Array u8 (sz 640)) = + | Rust_primitives.Integers.MkInt 19 -> + let out0:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out1:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out2:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let out3:t_Array u8 (mk_usize 640) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 640) in + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 (mk_usize 640) & t_Array u8 (mk_usize 640) & + t_Array u8 (mk_usize 640) & + t_Array u8 (mk_usize 640)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_shake256_x4 #v_Shake256X4 - #FStar.Tactics.Typeclasses.solve (sz 640) (seed0 <: t_Slice u8) (seed1 <: t_Slice u8) - (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 + #FStar.Tactics.Typeclasses.solve (mk_usize 640) (seed0 <: t_Slice u8) + (seed1 <: t_Slice u8) (seed2 <: t_Slice u8) (seed3 <: t_Slice u8) out0 out1 out2 out3 in - let out0:t_Array u8 (sz 640) = tmp0 in - let out1:t_Array u8 (sz 640) = tmp1 in - let out2:t_Array u8 (sz 640) = tmp2 in - let out3:t_Array u8 (sz 640) = tmp3 in + let out0:t_Array u8 (mk_usize 640) = tmp0 in + let out1:t_Array u8 (mk_usize 640) = tmp1 in + let out2:t_Array u8 (mk_usize 640) = tmp2 in + let out3:t_Array u8 (mk_usize 640) = tmp3 in let _:Prims.unit = () in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 0) + (mk_usize 0) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out0 <: t_Slice u8) - (mask.[ sz 0 ] 
<: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 0 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 1) + (mk_usize 1) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out1 <: t_Slice u8) - (mask.[ sz 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 1 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 2) + (mk_usize 2) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out2 <: t_Slice u8) - (mask.[ sz 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 2 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask - (sz 3) + (mk_usize 3) (Libcrux_ml_dsa.Encoding.Gamma1.deserialize #v_SIMDUnit gamma1_exponent (out3 <: t_Slice u8) - (mask.[ sz 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) + (mask.[ mk_usize 3 ] <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) <: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) in 
@@ -1015,7 +1081,7 @@ let sample_mask_vector in let domain_separator, mask:(u16 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - Rust_primitives.Hax.Folds.fold_range (sz 4) + Rust_primitives.Hax.Folds.fold_range (mk_usize 4) dimension (fun temp_0_ temp_1_ -> let domain_separator, mask:(u16 & @@ -1033,10 +1099,10 @@ let sample_mask_vector temp_0_ in let i:usize = i in - let seed:t_Array u8 (sz 66) = + let seed:t_Array u8 (mk_usize 66) = add_error_domain_separator (seed <: t_Slice u8) domain_separator in - let domain_separator:u16 = domain_separator +! 1us in + let domain_separator:u16 = domain_separator +! mk_u16 1 in let mask:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize mask i 
@@ -1060,51 +1126,53 @@ let inside_out_shuffle (randomness: t_Slice u8) (out_index: usize) (signs: u64) - (result: t_Array i32 (sz 256)) + (result: t_Array i32 (mk_usize 256)) = let done:bool = false in - let done, out_index, result, signs:(bool & usize & t_Array i32 (sz 256) & u64) = + let done, out_index, result, signs:(bool & usize & t_Array i32 (mk_usize 256) & u64) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter u8) #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #u8 randomness <: Core.Slice.Iter.t_Iter u8) <: Core.Slice.Iter.t_Iter u8) - (done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64)) + (done, out_index, result, signs <: (bool & usize & t_Array i32 (mk_usize 256) & u64)) (fun temp_0_ byte -> - let done, out_index, result, signs:(bool & usize & t_Array i32 (sz 256) & u64) = + let done, out_index, result, signs:(bool & usize & t_Array i32 (mk_usize 256) & u64) = temp_0_ in let byte:u8 = byte in if ~.done <: bool then let sample_at:usize = cast (byte <: u8) <: usize in - let out_index, result, signs:(usize & t_Array i32 (sz 256) & u64) = + let out_index, result, signs:(usize & t_Array i32 (mk_usize 256) & u64) = if sample_at <=. out_index then - let result:t_Array i32 (sz 256) = + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result out_index (result.[ sample_at ] <: i32) in - let out_index:usize = out_index +! sz 1 in - let result:t_Array i32 (sz 256) = + let out_index:usize = out_index +! mk_usize 1 in + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sample_at - (1l -! (2l *! (cast (signs &. 1uL <: u64) <: i32) <: i32) <: i32) + (mk_i32 1 -! (mk_i32 2 *! (cast (signs &. mk_u64 1 <: u64) <: i32) <: i32) + <: + i32) in - let signs:u64 = signs >>! 
1l in - out_index, result, signs <: (usize & t_Array i32 (sz 256) & u64) - else out_index, result, signs <: (usize & t_Array i32 (sz 256) & u64) + let signs:u64 = signs >>! mk_i32 1 in + out_index, result, signs <: (usize & t_Array i32 (mk_usize 256) & u64) + else out_index, result, signs <: (usize & t_Array i32 (mk_usize 256) & u64) in let done:bool = out_index =. (Core.Slice.impl__len #i32 (result <: t_Slice i32) <: usize) in - done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64) - else done, out_index, result, signs <: (bool & usize & t_Array i32 (sz 256) & u64)) + done, out_index, result, signs <: (bool & usize & t_Array i32 (mk_usize 256) & u64) + else done, out_index, result, signs <: (bool & usize & t_Array i32 (mk_usize 256) & u64)) in let hax_temp_output:bool = done in - out_index, signs, result, hax_temp_output <: (usize & u64 & t_Array i32 (sz 256) & bool) + out_index, signs, result, hax_temp_output <: (usize & u64 & t_Array i32 (mk_usize 256) & bool) let sample_challenge_ring_element (#v_SIMDUnit #v_Shake256: Type0) 
@@ -1123,35 +1191,38 @@ let sample_challenge_ring_element #FStar.Tactics.Typeclasses.solve seed in - let tmp0, out:(v_Shake256 & t_Array u8 (sz 136)) = + let tmp0, out:(v_Shake256 & t_Array u8 (mk_usize 136)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_first_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomness:t_Array u8 (sz 136) = out in + let randomness:t_Array u8 (mk_usize 136) = out in let signs:u64 = - Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (sz 8)) + Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (mk_usize 8)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 8)) + #(t_Array u8 (mk_usize 8)) #FStar.Tactics.Typeclasses.solve - (randomness.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + (randomness.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) <: - Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (mk_usize 8)) Core.Array.t_TryFromSliceError) <: - t_Array u8 (sz 8)) + t_Array u8 (mk_usize 8)) in - let result:t_Array i32 (sz 256) = Rust_primitives.Hax.repeat 0l (sz 256) in + let result:t_Array i32 (mk_usize 256) = Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 256) in let out_index:usize = (Core.Slice.impl__len #i32 (result <: t_Slice i32) <: usize) -! number_of_ones in - let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (sz 256) & bool) = - inside_out_shuffle (randomness.[ { Core.Ops.Range.f_start = sz 8 } + let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (mk_usize 256) & bool) = + inside_out_shuffle (randomness.[ { Core.Ops.Range.f_start = mk_usize 8 } <: Core.Ops.Range.t_RangeFrom usize ] <: 
@@ -1162,41 +1233,41 @@ let sample_challenge_ring_element in let out_index:usize = tmp0 in let signs:u64 = tmp1 in - let result:t_Array i32 (sz 256) = tmp2 in + let result:t_Array i32 (mk_usize 256) = tmp2 in let done:bool = out in - let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256) - = + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & + v_Shake256) = Rust_primitives.f_while_loop (fun temp_0_ -> - let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = temp_0_ in ~.done <: bool) (done, out_index, result, signs, state <: - (bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256)) + (bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256)) (fun temp_0_ -> - let done, out_index, result, signs, state:(bool & usize & t_Array i32 (sz 256) & u64 & + let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = temp_0_ in - let tmp0, out:(v_Shake256 & t_Array u8 (sz 136)) = + let tmp0, out:(v_Shake256 & t_Array u8 (mk_usize 136)) = Libcrux_ml_dsa.Hash_functions.Shake256.f_squeeze_next_block #v_Shake256 #FStar.Tactics.Typeclasses.solve state in let state:v_Shake256 = tmp0 in - let randomness:t_Array u8 (sz 136) = out in - let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (sz 256) & bool) = + let randomness:t_Array u8 (mk_usize 136) = out in + let tmp0, tmp1, tmp2, out:(usize & u64 & t_Array i32 (mk_usize 256) & bool) = inside_out_shuffle (randomness <: t_Slice u8) out_index signs result in let out_index:usize = tmp0 in let signs:u64 = tmp1 in - let result:t_Array i32 (sz 256) = tmp2 in + let result:t_Array i32 (mk_usize 256) = tmp2 in let done:bool = out in done, out_index, result, signs, state <: - (bool & usize & t_Array i32 (sz 256) & u64 & v_Shake256)) + (bool & usize & t_Array i32 
(mk_usize 256) & u64 & v_Shake256)) in let re:Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit = Libcrux_ml_dsa.Polynomial.impl__from_i32_array #v_SIMDUnit (result <: t_Slice i32) re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti index 3611537a5..4dcc22f38 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fsti @@ -16,13 +16,13 @@ val rejection_sample_less_than_field_modulus {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val generate_domain_separator: (u8 & u8) -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) val add_domain_separator (slice: t_Slice u8) (indices: (u8 & u8)) - : Prims.Pure (t_Array u8 (sz 34)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 34)) Prims.l_True (fun _ -> Prims.l_True) val sample_up_to_four_ring_elements_flat__xy (index width: usize) : Prims.Pure (u8 & u8) Prims.l_True (fun _ -> Prims.l_True) 
@@ -41,31 +41,32 @@ val sample_up_to_four_ring_elements_flat (columns: usize) (seed: t_Slice u8) (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) - (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (sz 840)) - (tmp_stack: t_Slice (t_Array i32 (sz 263))) + (rand_stack0 rand_stack1 rand_stack2 rand_stack3: t_Array u8 (mk_usize 840)) + (tmp_stack: t_Slice (t_Array i32 (mk_usize 263))) (start_index elements_requested: usize) : Prims.Pure - (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Slice (t_Array i32 (sz 263))) Prims.l_True (fun _ -> Prims.l_True) + (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Slice (t_Array i32 (mk_usize 263))) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta_equals_2_ (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta_equals_4_ (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (randomness: t_Slice u8) (sampled_coefficients: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val rejection_sample_less_than_eta (#v_SIMDUnit: Type0) 
@@ -73,11 +74,11 @@ val rejection_sample_less_than_eta (eta: Libcrux_ml_dsa.Constants.t_Eta) (randomness: t_Slice u8) (sampled: usize) - (out: t_Array i32 (sz 263)) - : Prims.Pure (usize & t_Array i32 (sz 263) & bool) Prims.l_True (fun _ -> Prims.l_True) + (out: t_Array i32 (mk_usize 263)) + : Prims.Pure (usize & t_Array i32 (mk_usize 263) & bool) Prims.l_True (fun _ -> Prims.l_True) val add_error_domain_separator (slice: t_Slice u8) (domain_separator: u16) - : Prims.Pure (t_Array u8 (sz 66)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 66)) Prims.l_True (fun _ -> Prims.l_True) val sample_four_error_ring_elements (#v_SIMDUnit #v_Shake256: Type0) @@ -95,7 +96,7 @@ val sample_mask_ring_element (#v_SIMDUnit #v_Shake256: Type0) {| i2: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} {| i3: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} - (seed: t_Array u8 (sz 66)) + (seed: t_Array u8 (mk_usize 66)) (result: Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (gamma1_exponent: usize) : Prims.Pure (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) @@ -108,7 +109,7 @@ val sample_mask_vector {| i4: Libcrux_ml_dsa.Hash_functions.Shake256.t_DsaXof v_Shake256 |} {| i5: Libcrux_ml_dsa.Hash_functions.Shake256.t_XofX4 v_Shake256X4 |} (dimension gamma1_exponent: usize) - (seed: t_Array u8 (sz 64)) + (seed: t_Array u8 (mk_usize 64)) (domain_separator: u16) (mask: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) : Prims.Pure (u16 & t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) 
@@ -119,8 +120,10 @@ val inside_out_shuffle (randomness: t_Slice u8) (out_index: usize) (signs: u64) - (result: t_Array i32 (sz 256)) - : Prims.Pure (usize & u64 & t_Array i32 (sz 256) & bool) Prims.l_True (fun _ -> Prims.l_True) + (result: t_Array i32 (mk_usize 256)) + : Prims.Pure (usize & u64 & t_Array i32 (mk_usize 256) & bool) + Prims.l_True + (fun _ -> Prims.l_True) val sample_challenge_ring_element (#v_SIMDUnit #v_Shake256: Type0) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst index 55bb938a2..297e0afc5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.fst 
@@ -23,17 +23,17 @@ let matrix_flat (seed: t_Slice u8) (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) = - let rand_stack0:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let rand_stack1:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let rand_stack2:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let rand_stack3:t_Array u8 (sz 840) = Rust_primitives.Hax.repeat 0uy (sz 840) in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = + let rand_stack0:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let rand_stack1:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let rand_stack2:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let rand_stack3:t_Array u8 (mk_usize 840) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 840) in + let tmp_stack:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = let list = [ - Rust_primitives.Hax.repeat 0l (sz 263); - Rust_primitives.Hax.repeat 0l (sz 263); - Rust_primitives.Hax.repeat 0l (sz 263); - Rust_primitives.Hax.repeat 0l (sz 263) + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263); + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263); + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263); + Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 263) ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 4); 
@@ -41,24 +41,24 @@ let matrix_flat in let matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = - Rust_primitives.Hax.Folds.fold_range_step_by (sz 0) + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = + Rust_primitives.Hax.Folds.fold_range_step_by (mk_usize 0) (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) matrix <: usize) - (sz 4) + (mk_usize 4) (fun temp_0_ temp_1_ -> let matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = temp_0_ in let _:usize = temp_1_ in 
@@ -66,30 +66,30 @@ let matrix_flat (matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack <: (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4))) + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4))) (fun temp_0_ start_index -> let matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = temp_0_ in let start_index:usize = start_index in let elements_requested:usize = if - (start_index +! sz 4 <: usize) <=. + (start_index +! mk_usize 4 <: usize) <=. (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) matrix <: usize) - then sz 4 + then mk_usize 4 else (Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) matrix 
@@ -99,11 +99,11 @@ let matrix_flat in let tmp0, tmp1, tmp2, tmp3, tmp4, tmp5:(t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4)) = + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4)) = Libcrux_ml_dsa.Sample.sample_up_to_four_ring_elements_flat #v_SIMDUnit #v_Shake128 columns seed matrix rand_stack0 rand_stack1 rand_stack2 rand_stack3 tmp_stack start_index elements_requested @@ -111,20 +111,20 @@ let matrix_flat let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = tmp0 in - let rand_stack0:t_Array u8 (sz 840) = tmp1 in - let rand_stack1:t_Array u8 (sz 840) = tmp2 in - let rand_stack2:t_Array u8 (sz 840) = tmp3 in - let rand_stack3:t_Array u8 (sz 840) = tmp4 in - let tmp_stack:t_Array (t_Array i32 (sz 263)) (sz 4) = tmp5 in + let rand_stack0:t_Array u8 (mk_usize 840) = tmp1 in + let rand_stack1:t_Array u8 (mk_usize 840) = tmp2 in + let rand_stack2:t_Array u8 (mk_usize 840) = tmp3 in + let rand_stack3:t_Array u8 (mk_usize 840) = tmp4 in + let tmp_stack:t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4) = tmp5 in let _:Prims.unit = () in matrix, rand_stack0, rand_stack1, rand_stack2, rand_stack3, tmp_stack <: (t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array u8 (sz 840) & - t_Array (t_Array i32 (sz 263)) (sz 4))) + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array u8 (mk_usize 840) & + t_Array (t_Array i32 (mk_usize 263)) (mk_usize 4))) in matrix 
@@ -144,8 +144,8 @@ let sample_s1_and_s2 Core.Slice.impl__len #(Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) s1_s2 in let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (len /! sz 4 <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (len /! mk_usize 4 <: usize) (fun s1_s2 temp_1_ -> let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = s1_s2 @@ -162,14 +162,14 @@ let sample_s1_and_s2 #v_Shake256X4 eta seed - (4us *! (cast (i <: usize) <: u16) <: u16) + (mk_u16 4 *! (cast (i <: usize) <: u16) <: u16) s1_s2 <: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) in - let remainder:usize = len %! sz 4 in + let remainder:usize = len %! mk_usize 4 in let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - if remainder <>. sz 0 + if remainder <>. mk_usize 0 then let s1_s2:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = Libcrux_ml_dsa.Sample.sample_four_error_ring_elements #v_SIMDUnit diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst index 4aa328f6f..9d41081b7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst @@ -5,7 +5,7 @@ open FStar.Mul let to_unsigned_representatives_ret (t: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let signs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l t + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (mk_i32 31) t in let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 signs 
@@ -50,11 +50,11 @@ let montgomery_multiply_by_constant (lhs: Libcrux_intrinsics.Avx2_extract.t_Vec2 in let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 - 245l + (mk_i32 245) lhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs + (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) rhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -77,9 +77,9 @@ let montgomery_multiply_by_constant (lhs: Libcrux_intrinsics.Avx2_extract.t_Vec2 Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13 in let res02_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) res02 in - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13 + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 (mk_i32 170) res02_shifted res13 let montgomery_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -97,11 +97,11 @@ let montgomery_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 - 245l + (mk_i32 245) lhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs + (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) rhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -124,10 +124,10 @@ let montgomery_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13 in let res02_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) res02 in let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13 + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 (mk_i32 170) res02_shifted res13 in lhs 
@@ -137,12 +137,12 @@ let shift_left_then_reduce (v_SHIFT_BY: i32) (simd_unit: Libcrux_intrinsics.Avx2 in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l <. 1l + result <>. mk_i32 1 let power2round (r0 r1: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let r0:Libcrux_intrinsics.Avx2_extract.t_Vec256 = to_unsigned_representatives r0 in let r1:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 r0 - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((1l < + | Rust_primitives.Integers.MkInt 95232 -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_ - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 11275l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 11275) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l < + | Rust_primitives.Integers.MkInt 261888 -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 ceil_of_r_by_128_ - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1025l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 1025) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 result - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (1l < r1 in - let alpha:i32 = gamma2 *! 2l in + let alpha:i32 = gamma2 *! mk_i32 2 in let r0_tmp:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 r1 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 alpha 
@@ -278,10 +278,10 @@ let decompose (gamma2: i32) (r r0 r1: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let field_modulus_halved:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! - 1l + mk_i32 1 <: i32) /! - 2l + mk_i32 2 <: i32) in @@ -289,7 +289,7 @@ let decompose (gamma2: i32) (r r0 r1: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 field_modulus_halved r0_tmp in let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 31l mask + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (mk_i32 31) mask in let field_modulus_and_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 mask @@ -338,7 +338,7 @@ let compute_hint in let hint:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 hint - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 1l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 1) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -366,7 +366,7 @@ let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 all_zeros hint r0 in let negate_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 1l negate_hints + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 (mk_i32 1) negate_hints in let hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 hint negate_hints 
@@ -377,9 +377,9 @@ let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let hint, r1_plus_hints:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) = match gamma2 <: i32 with - | 95232l -> + | Rust_primitives.Integers.MkInt 95232 -> let max:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 43l + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 43) in let r1_plus_hints:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.vec256_blendv_epi32 r1_plus_hints max r1_plus_hints @@ -395,10 +395,10 @@ let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = hint, r1_plus_hints <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) - | 261888l -> + | Rust_primitives.Integers.MkInt 261888 -> let hint:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 r1_plus_hints - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 15l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 15) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst index 705c073d9..79f851d54 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Commitment.fst 
@@ -4,22 +4,36 @@ open Core open FStar.Mul let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 19) = Rust_primitives.Hax.repeat 0uy (sz 19) in - let out, serialized:(t_Slice u8 & t_Array u8 (sz 19)) = + let serialized:t_Array u8 (mk_usize 19) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 19) in + let out, serialized:(t_Slice u8 & t_Array u8 (mk_usize 19)) = match cast (Core.Slice.impl__len #u8 out <: usize) <: u8 with - | 4uy -> + | Rust_primitives.Integers.MkInt 4 -> let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 28l 0l 28l 0l 28l 0l 28l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 28) + (mk_i32 0) + (mk_i32 28) + (mk_i32 0) + (mk_i32 28) + (mk_i32 0) + (mk_i32 28) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 28l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 28) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 0l 0l 6l 2l 4l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 0) + (mk_i32 0) + (mk_i32 0) + (mk_i32 6) + (mk_i32 2) + (mk_i32 4) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -28,19 +42,20 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 240uy 240uy 240uy 240uy 240uy 240uy 240uy - 240uy 240uy 240uy 240uy 240uy 12uy 4uy 8uy 0uy + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (mk_u8 240) (mk_u8 240) (mk_u8 240) + (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) (mk_u8 240) + (mk_u8 240) (mk_u8 240) (mk_u8 12) (mk_u8 4) (mk_u8 8) (mk_u8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec128) in - let serialized:t_Array u8 (sz 19) = + let serialized:t_Array u8 (mk_usize 19) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -53,55 +68,74 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in - out, serialized <: (t_Slice u8 & t_Array u8 (sz 19)) - | 6uy -> + out, serialized <: (t_Slice u8 & t_Array u8 (mk_usize 19)) + | Rust_primitives.Integers.MkInt 6 -> let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 26l 0l 26l 0l 26l 0l 26l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 26) + (mk_i32 0) + (mk_i32 26) + (mk_i32 0) + (mk_i32 26) + (mk_i32 0) + (mk_i32 26) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 26l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 26) adjacent_2_combined in let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) 9y 8y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) (mk_i8 1) (mk_i8 0) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 9) (mk_i8 8) (mk_i8 1) (mk_i8 
0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_3_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 adjacent_3_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 1s 1s 1s 1s 1s 1s 1s (1s < out, serialized <: (t_Slice u8 & t_Array u8 (sz 19)) + out, serialized <: (t_Slice u8 & t_Array u8 (mk_usize 19)) + | _ -> out, serialized <: (t_Slice u8 & t_Array u8 (mk_usize 19)) in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst index 9d33278d4..570034fde 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst @@ -4,7 +4,7 @@ open Core open FStar.Mul let serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let serialized:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_eta_is_2___ETA 
@@ -14,31 +14,49 @@ let serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec25 in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 29l 0l 29l 0l 29l 0l 29l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 29) + (mk_i32 0) + (mk_i32 29) + (mk_i32 0) + (mk_i32 29) + (mk_i32 0) + (mk_i32 29) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 29l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 29) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) - (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 8y (-1y) 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 8) (mk_i8 (-1)) (mk_i8 0) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 8) (mk_i8 (-1)) + (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 0s 0s 0s 0s 0s 0s (1s < 2l - | Libcrux_ml_dsa.Constants.Eta_Four -> 4l + | Libcrux_ml_dsa.Constants.Eta_Two -> mk_i32 2 + | Libcrux_ml_dsa.Constants.Eta_Four -> mk_i32 4 in let 
out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti index 7cabc3562..78eee7f4d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti @@ -3,12 +3,12 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Error open Core open FStar.Mul -let serialize_when_eta_is_2___ETA: i32 = 2l +let serialize_when_eta_is_2___ETA: i32 = mk_i32 2 val serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let serialize_when_eta_is_4___ETA: i32 = 4l +let serialize_when_eta_is_4___ETA: i32 = mk_i32 4 val serialize_when_eta_is_4_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -19,12 +19,14 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize_to_unsigned_when_eta_is_2___COEFFICIENT_MASK: i32 = (1l < Prims.l_True) -let deserialize_to_unsigned_when_eta_is_4___COEFFICIENT_MASK: i32 = (1l < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst index cc642fd12..095929d55 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst 
@@ -7,7 +7,7 @@ let serialize_when_gamma1_is_2_pow_17_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_gamma1_is_2_pow_17___GAMMA1 
@@ -17,39 +17,49 @@ let serialize_when_gamma1_is_2_pow_17_ in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 14l 0l 14l 0l 14l 0l 14l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 14) + (mk_i32 0) + (mk_i32 14) + (mk_i32 0) + (mk_i32 14) + (mk_i32 0) + (mk_i32 14) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 14l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 14) adjacent_2_combined in let every_second_element:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 8l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_bsrli_epi128 (mk_i32 8) adjacent_2_combined in let every_second_element_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 36l every_second_element + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi64 (mk_i32 36) every_second_element in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi64 adjacent_2_combined every_second_element_shifted in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi64 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x 28L 0L 28L 0L + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi64x (mk_i64 28) + (mk_i64 0) + (mk_i64 28) + (mk_i64 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ 
Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -60,16 +70,16 @@ let serialize_when_gamma1_is_2_pow_17_ t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 25 } + ({ Core.Ops.Range.f_start = mk_usize 9; Core.Ops.Range.f_end = mk_usize 25 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 9; - Core.Ops.Range.f_end = sz 25 + Core.Ops.Range.f_start = mk_usize 9; + Core.Ops.Range.f_end = mk_usize 25 } <: Core.Ops.Range.t_Range usize ] @@ -82,7 +92,7 @@ let serialize_when_gamma1_is_2_pow_17_ let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 18 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 18 } <: Core.Ops.Range.t_Range usize ] <: 
@@ -94,7 +104,7 @@ let serialize_when_gamma1_is_2_pow_19_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 serialize_when_gamma1_is_2_pow_19___GAMMA1 
@@ -104,32 +114,41 @@ let serialize_when_gamma1_is_2_pow_19_ in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit_shifted - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 12) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y - 10y 9y 8y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) (-1y) (-1y) 12y 11y 10y 9y 8y 4y 3y 2y 1y - 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 8) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) (mk_i8 11) (mk_i8 10) + (mk_i8 9) (mk_i8 8) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) 
(Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -140,16 +159,16 @@ let serialize_when_gamma1_is_2_pow_19_ t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_4_combined in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } + ({ Core.Ops.Range.f_start = mk_usize 10; Core.Ops.Range.f_end = mk_usize 26 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 10; - Core.Ops.Range.f_end = sz 26 + Core.Ops.Range.f_start = mk_usize 10; + Core.Ops.Range.f_end = mk_usize 26 } <: Core.Ops.Range.t_Range usize ] @@ -162,7 +181,7 @@ let serialize_when_gamma1_is_2_pow_19_ let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 20 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 20 } <: Core.Ops.Range.t_Range usize ] <: @@ -177,8 +196,8 @@ let serialize = let serialized:t_Slice u8 = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized - | 19uy -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized + | Rust_primitives.Integers.MkInt 17 -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized + | Rust_primitives.Integers.MkInt 19 -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized | _ -> serialized in serialized 
@@ -191,14 +210,14 @@ let deserialize_when_gamma1_is_2_pow_17_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 18 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 18 <: bool) in () in let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -207,8 +226,8 @@ let deserialize_when_gamma1_is_2_pow_17_ in let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 2; - Core.Ops.Range.f_end = sz 18 + Core.Ops.Range.f_start = mk_usize 2; + Core.Ops.Range.f_end = mk_usize 18 } <: Core.Ops.Range.t_Range usize ] 
@@ -220,14 +239,24 @@ let deserialize_when_gamma1_is_2_pow_17_ in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 11y - 10y 9y (-1y) 9y 8y 7y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) 4y 3y 2y (-1y) 2y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 15) (mk_i8 14) (mk_i8 13) + (mk_i8 (-1)) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) (mk_i8 7) (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) + (mk_i8 (-1)) (mk_i8 6) (mk_i8 5) (mk_i8 4) (mk_i8 (-1)) (mk_i8 4) (mk_i8 3) (mk_i8 2) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) + (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -255,14 +284,14 @@ let deserialize_when_gamma1_is_2_pow_19_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 20 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 20 <: bool) in () in let serialized_lower:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -271,8 +300,8 @@ let deserialize_when_gamma1_is_2_pow_19_ in let serialized_upper:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 4; - Core.Ops.Range.f_end = sz 20 + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 20 } <: Core.Ops.Range.t_Range usize ] @@ -284,14 +313,24 @@ let deserialize_when_gamma1_is_2_pow_19_ in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 15y 14y 13y (-1y) 13y 12y 11y (-1y) 10y - 9y 8y (-1y) 8y 7y 6y (-1y) 9y 8y 7y (-1y) 7y 6y 5y (-1y) 4y 3y 2y (-1y) 2y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 15) (mk_i8 14) (mk_i8 13) + (mk_i8 (-1)) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 (-1)) (mk_i8 10) (mk_i8 9) (mk_i8 8) + (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) (mk_i8 7) + (mk_i8 (-1)) (mk_i8 7) (mk_i8 6) (mk_i8 5) (mk_i8 (-1)) (mk_i8 4) (mk_i8 3) (mk_i8 2) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 4l 0l 4l 0l 4l 0l 4l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 4) + (mk_i32 0) + (mk_i32 4) + (mk_i32 0) + (mk_i32 4) + (mk_i32 0) + (mk_i32 4) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in 
@@ -318,8 +357,8 @@ let deserialize = let out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> deserialize_when_gamma1_is_2_pow_17_ serialized out - | 19uy -> deserialize_when_gamma1_is_2_pow_19_ serialized out + | Rust_primitives.Integers.MkInt 17 -> deserialize_when_gamma1_is_2_pow_17_ serialized out + | Rust_primitives.Integers.MkInt 19 -> deserialize_when_gamma1_is_2_pow_19_ serialized out | _ -> out in out diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti index 5ed6a3299..8e1d6897e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti 
@@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1 open Core open FStar.Mul -let serialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = 1l < Prims.l_True) -let serialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = 1l < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = 1l < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = 1l < Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let serialized_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in - let serialized_extended:t_Array u8 (sz 16) = + let serialized_extended:t_Array u8 (mk_usize 16) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) + in + let serialized_extended:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized_extended - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 13 } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (serialized_extended.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 13 } + (serialized_extended.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 13 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -105,15 +131,24 @@ let deserialize (serialized: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 serialized - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 12y 11y (-1y) 11y 10y 9y (-1y) - (-1y) 9y 8y (-1y) 8y 7y 6y (-1y) 6y 5y 4y (-1y) (-1y) 4y 3y (-1y) 3y 2y 1y (-1y) (-1y) 1y - 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 12) + (mk_i8 11) (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 9) (mk_i8 8) (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 6) + (mk_i8 5) (mk_i8 4) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 4) (mk_i8 3) (mk_i8 (-1)) (mk_i8 3) + (mk_i8 2) (mk_i8 1) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 3l 6l 1l 4l 7l 2l 5l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 3) + (mk_i32 6) + (mk_i32 1) + (mk_i32 4) + (mk_i32 7) + (mk_i32 2) + (mk_i32 5) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti index 6b69d7c41..42b13a39c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti @@ -9,7 +9,7 @@ val change_interval (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) val serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = (1l < Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst index 71cf87a0d..31b3de391 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst 
@@ -8,46 +8,67 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 out <: usize) =. sz 10 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 out <: usize) =. mk_usize 10 <: bool) in () in - let serialized:t_Array u8 (sz 24) = Rust_primitives.Hax.repeat 0uy (sz 24) in + let serialized:t_Array u8 (mk_usize 24) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 24) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 simd_unit - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 22l 0l 22l 0l 22l 0l 22l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 22) + (mk_i32 0) + (mk_i32 22) + (mk_i32 0) + (mk_i32 22) + (mk_i32 0) + (mk_i32 22) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 22l adjacent_2_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 22) adjacent_2_combined in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 adjacent_2_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 0l 6l 4l 0l 0l 2l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 0) + (mk_i32 6) + (mk_i32 4) + (mk_i32 0) + (mk_i32 0) + (mk_i32 2) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_4_combined - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 12l 0l 12l 0l 12l 0l 12l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) + (mk_i32 0) + (mk_i32 12) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let 
adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 12l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 (mk_i32 12) adjacent_4_combined in let lower_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_4_combined in - let serialized:t_Array u8 (sz 24) = + let serialized:t_Array u8 (mk_usize 24) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -58,16 +79,16 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic t_Slice u8) in let upper_4_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_4_combined + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) adjacent_4_combined in - let serialized:t_Array u8 (sz 24) = + let serialized:t_Array u8 (mk_usize 24) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 21 } + ({ Core.Ops.Range.f_start = mk_usize 5; Core.Ops.Range.f_end = mk_usize 21 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 (serialized.[ { - Core.Ops.Range.f_start = sz 5; - Core.Ops.Range.f_end = sz 21 + Core.Ops.Range.f_start = mk_usize 5; + Core.Ops.Range.f_end = mk_usize 21 } <: Core.Ops.Range.t_Range usize ] 
@@ -80,7 +101,7 @@ let serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slic let out:t_Slice u8 = Core.Slice.impl__copy_from_slice #u8 out - (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + (serialized.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 10 } <: Core.Ops.Range.t_Range usize ] <: @@ -93,19 +114,24 @@ let deserialize (bytes: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t_Vec2 if true then let _:Prims.unit = - match Core.Slice.impl__len #u8 bytes, sz 10 <: (usize & usize) with + match Core.Slice.impl__len #u8 bytes, mk_usize 10 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let bytes_extended:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in - let bytes_extended:t_Array u8 (sz 16) = + let bytes_extended:t_Array u8 (mk_usize 16) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) + in + let bytes_extended:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range bytes_extended - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 10 } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (bytes_extended.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + (bytes_extended.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 10 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -122,15 +148,24 @@ let deserialize (bytes: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t_Vec2 in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 bytes_loaded - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) 9y 8y (-1y) (-1y) 8y 7y (-1y) - (-1y) 7y 6y (-1y) (-1y) 6y 5y (-1y) (-1y) 4y 3y (-1y) (-1y) 3y 2y (-1y) (-1y) 2y 1y (-1y) - (-1y) 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 9) (mk_i8 8) + (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 7) + (mk_i8 6) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 6) (mk_i8 5) (mk_i8 (-1)) (mk_i8 (-1)) + (mk_i8 4) (mk_i8 3) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 3) (mk_i8 2) (mk_i8 (-1)) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 (-1)) (mk_i8 (-1)) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srlv_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 6l 4l 2l 0l 6l 4l 2l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) + (mk_i32 6) + (mk_i32 4) + (mk_i32 2) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti index 9e8db82fb..85afbf850 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti @@ -6,7 +6,7 @@ open FStar.Mul val serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = (1l < Prims.l_True) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst index 456c7bb71..6775d3204 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst @@ -8,10 +8,10 @@ let simd_unit_invert_ntt_at_layer_0_ (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32) = let a_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit0 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) simd_unit0 in let b_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l simd_unit1 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) simd_unit1 in let lo_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi64 a_shuffled b_shuffled @@ -50,7 +50,7 @@ let simd_unit_invert_ntt_at_layer_0_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) a_shuffled } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 @@ -59,7 +59,7 @@ let simd_unit_invert_ntt_at_layer_0_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) b_shuffled } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
@@ -126,10 +126,10 @@ let simd_unit_invert_ntt_at_layer_2_ (zeta0 zeta1: i32) = let lo_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 32l simd_unit0 simd_unit1 + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 32) simd_unit0 simd_unit1 in let hi_values:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 49l simd_unit0 simd_unit1 + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 49) simd_unit0 simd_unit1 in let differences:Libcrux_intrinsics.Avx2_extract.t_Vec256 = hi_values in let differences:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -149,7 +149,7 @@ let simd_unit_invert_ntt_at_layer_2_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 32l sums differences + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 32) sums differences } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 @@ -158,7 +158,7 @@ let simd_unit_invert_ntt_at_layer_2_ { Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 49l sums differences + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 49) sums differences } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 @@ -168,7 +168,7 @@ let simd_unit_invert_ntt_at_layer_2_ (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) let invert_ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32) = 
@@ -176,88 +176,105 @@ let invert_ntt_at_layer_0___round Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) = simd_unit_invert_ntt_at_layer_0_ (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13 in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_ + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + (index +! 
mk_usize 1 <: usize) + lhs_1_ in let _:Prims.unit = () in re -let invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 0) 1976782l (-846154l) 1400424l 3937738l (-1362209l) - (-48306l) 3919660l (-554416l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 2) (-3545687l) 1612842l (-976891l) 183443l (-2286327l) - (-420899l) (-2235985l) (-2939036l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 4) (-3833893l) (-260646l) (-1104333l) (-1667432l) 1910376l - (-1803090l) 1723600l (-426683l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 6) 472078l 1717735l (-975884l) 2213111l 269760l 3866901l - 3523897l (-3038916l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 8) (-1799107l) (-3694233l) 1652634l 810149l 3014001l - 1616392l 162844l (-3183426l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 10) (-1207385l) 185531l 3369112l 1957272l (-164721l) - 2454455l 2432395l (-2013608l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 12) (-3776993l) 594136l (-3724270l) (-2584293l) (-1846953l) - (-1671176l) (-2831860l) (-542412l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 14) 3406031l 2235880l 777191l 1500165l (-1374803l) - (-2546312l) 1917081l (-1279661l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 16) (-1962642l) 3306115l 1312455l (-451100l) (-1430225l) - (-3318210l) 1237275l 
(-1333058l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 18) (-1050970l) 1903435l 1869119l (-2994039l) (-3548272l) - 2635921l 1250494l (-3767016l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 20) 1595974l 2486353l 1247620l 4055324l 1265009l - (-2590150l) 2691481l 2842341l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 22) 203044l 1735879l (-3342277l) 3437287l 4108315l - (-2437823l) 286988l 342297l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 24) (-3595838l) (-768622l) (-525098l) (-3556995l) 3207046l - 2031748l (-3122442l) (-655327l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 26) (-522500l) (-43260l) (-1613174l) 495491l 819034l - 909542l 1859098l 900702l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 28) (-3193378l) (-1197226l) (-3759364l) (-3520352l) - 3513181l (-1235728l) 2434439l 266997l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_0___round re (sz 30) (-3562462l) (-2446433l) 2244091l (-3342478l) 3817976l - 2316500l 3407706l 2091667l +let invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 0) (mk_i32 1976782) (mk_i32 (-846154)) + (mk_i32 1400424) (mk_i32 3937738) (mk_i32 (-1362209)) (mk_i32 (-48306)) (mk_i32 3919660) + (mk_i32 (-554416)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 2) (mk_i32 (-3545687)) (mk_i32 1612842) + (mk_i32 
(-976891)) (mk_i32 183443) (mk_i32 (-2286327)) (mk_i32 (-420899)) (mk_i32 (-2235985)) + (mk_i32 (-2939036)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 4) (mk_i32 (-3833893)) (mk_i32 (-260646)) + (mk_i32 (-1104333)) (mk_i32 (-1667432)) (mk_i32 1910376) (mk_i32 (-1803090)) (mk_i32 1723600) + (mk_i32 (-426683)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 6) (mk_i32 472078) (mk_i32 1717735) + (mk_i32 (-975884)) (mk_i32 2213111) (mk_i32 269760) (mk_i32 3866901) (mk_i32 3523897) + (mk_i32 (-3038916)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 8) (mk_i32 (-1799107)) (mk_i32 (-3694233)) + (mk_i32 1652634) (mk_i32 810149) (mk_i32 3014001) (mk_i32 1616392) (mk_i32 162844) + (mk_i32 (-3183426)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 10) (mk_i32 (-1207385)) (mk_i32 185531) + (mk_i32 3369112) (mk_i32 1957272) (mk_i32 (-164721)) (mk_i32 2454455) (mk_i32 2432395) + (mk_i32 (-2013608)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 12) (mk_i32 (-3776993)) (mk_i32 594136) + (mk_i32 (-3724270)) (mk_i32 (-2584293)) (mk_i32 (-1846953)) (mk_i32 (-1671176)) + (mk_i32 (-2831860)) (mk_i32 (-542412)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 14) (mk_i32 3406031) (mk_i32 2235880) (mk_i32 777191) + (mk_i32 1500165) (mk_i32 (-1374803)) (mk_i32 (-2546312)) (mk_i32 1917081) (mk_i32 (-1279661)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 16) (mk_i32 (-1962642)) (mk_i32 3306115) + (mk_i32 1312455) (mk_i32 
(-451100)) (mk_i32 (-1430225)) (mk_i32 (-3318210)) (mk_i32 1237275) + (mk_i32 (-1333058)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 18) (mk_i32 (-1050970)) (mk_i32 1903435) + (mk_i32 1869119) (mk_i32 (-2994039)) (mk_i32 (-3548272)) (mk_i32 2635921) (mk_i32 1250494) + (mk_i32 (-3767016)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 20) (mk_i32 1595974) (mk_i32 2486353) + (mk_i32 1247620) (mk_i32 4055324) (mk_i32 1265009) (mk_i32 (-2590150)) (mk_i32 2691481) + (mk_i32 2842341) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 22) (mk_i32 203044) (mk_i32 1735879) + (mk_i32 (-3342277)) (mk_i32 3437287) (mk_i32 4108315) (mk_i32 (-2437823)) (mk_i32 286988) + (mk_i32 342297) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 24) (mk_i32 (-3595838)) (mk_i32 (-768622)) + (mk_i32 (-525098)) (mk_i32 (-3556995)) (mk_i32 3207046) (mk_i32 2031748) (mk_i32 (-3122442)) + (mk_i32 (-655327)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 26) (mk_i32 (-522500)) (mk_i32 (-43260)) + (mk_i32 (-1613174)) (mk_i32 495491) (mk_i32 819034) (mk_i32 909542) (mk_i32 1859098) + (mk_i32 900702) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 28) (mk_i32 (-3193378)) (mk_i32 (-1197226)) + (mk_i32 (-3759364)) (mk_i32 (-3520352)) (mk_i32 3513181) (mk_i32 (-1235728)) (mk_i32 2434439) + (mk_i32 266997) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_0___round re (mk_usize 30) (mk_i32 (-3562462)) (mk_i32 (-2446433)) + (mk_i32 2244091) (mk_i32 (-3342478)) (mk_i32 
3817976) (mk_i32 2316500) (mk_i32 3407706) + (mk_i32 2091667) in re let invert_ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_00_ zeta_01_ zeta_10_ zeta_11_: i32) = 
@@ -265,75 +282,157 @@ let invert_ntt_at_layer_1___round Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) = simd_unit_invert_ntt_at_layer_1_ (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value zeta_00_ zeta_01_ zeta_10_ zeta_11_ in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_ + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + (index +! 
mk_usize 1 <: usize) + lhs_1_ in let _:Prims.unit = () in re -let invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 0) 3839961l (-3628969l) (-3881060l) (-3019102l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 2) (-1439742l) (-812732l) (-1584928l) 1285669l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 4) 1341330l 1315589l (-177440l) (-2409325l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 6) (-1851402l) 3159746l (-3553272l) 189548l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 8) (-1316856l) 759969l (-210977l) 2389356l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 10) (-3249728l) 1653064l (-8578l) (-3724342l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 12) 3958618l 904516l (-1100098l) 44288l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 14) 3097992l 508951l 264944l (-3343383l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 16) (-1430430l) 1852771l 1349076l (-381987l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 18) (-1308169l) (-22981l) (-1228525l) (-671102l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 20) (-2477047l) (-411027l) (-3693493l) (-2967645l) - in - let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 22) 2715295l 2147896l (-983419l) 3412210l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 24) 126922l (-3632928l) (-3157330l) (-3190144l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 26) (-1000202l) (-4083598l) 1939314l (-1257611l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 28) (-1585221l) 2176455l 3475950l (-1452451l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_1___round re (sz 30) (-3041255l) (-3677745l) (-1528703l) (-3930395l) +let invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 0) + (mk_i32 3839961) + (mk_i32 (-3628969)) + (mk_i32 (-3881060)) + (mk_i32 (-3019102)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 2) + (mk_i32 (-1439742)) + (mk_i32 (-812732)) + (mk_i32 (-1584928)) + (mk_i32 1285669) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 4) + (mk_i32 1341330) + (mk_i32 1315589) + (mk_i32 (-177440)) + (mk_i32 (-2409325)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 6) + (mk_i32 (-1851402)) + (mk_i32 3159746) + (mk_i32 (-3553272)) + (mk_i32 189548) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 8) + (mk_i32 (-1316856)) + (mk_i32 759969) + (mk_i32 (-210977)) + (mk_i32 2389356) + in + let 
re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 10) + (mk_i32 (-3249728)) + (mk_i32 1653064) + (mk_i32 (-8578)) + (mk_i32 (-3724342)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 12) + (mk_i32 3958618) + (mk_i32 904516) + (mk_i32 (-1100098)) + (mk_i32 44288) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 14) + (mk_i32 3097992) + (mk_i32 508951) + (mk_i32 264944) + (mk_i32 (-3343383)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 16) + (mk_i32 (-1430430)) + (mk_i32 1852771) + (mk_i32 1349076) + (mk_i32 (-381987)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 18) + (mk_i32 (-1308169)) + (mk_i32 (-22981)) + (mk_i32 (-1228525)) + (mk_i32 (-671102)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 20) + (mk_i32 (-2477047)) + (mk_i32 (-411027)) + (mk_i32 (-3693493)) + (mk_i32 (-2967645)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 22) + (mk_i32 2715295) + (mk_i32 2147896) + (mk_i32 (-983419)) + (mk_i32 3412210) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 24) + (mk_i32 126922) + (mk_i32 (-3632928)) + (mk_i32 (-3157330)) + (mk_i32 (-3190144)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 26) + (mk_i32 (-1000202)) + (mk_i32 (-4083598)) + (mk_i32 1939314) + (mk_i32 (-1257611)) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 28) + (mk_i32 (-1585221)) + (mk_i32 2176455) + (mk_i32 3475950) + (mk_i32 (-1452451)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_1___round re + (mk_usize 30) + (mk_i32 (-3041255)) + (mk_i32 (-3677745)) + (mk_i32 (-1528703)) + (mk_i32 (-3930395)) in re let invert_ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta1 zeta2: i32) = 
@@ -341,86 +440,88 @@ let invert_ntt_at_layer_2___round Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) = simd_unit_invert_ntt_at_layer_2_ (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value zeta1 zeta2 in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index lhs in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! sz 1 <: usize) lhs_1_ + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + (index +! 
mk_usize 1 <: usize) + lhs_1_ in let _:Prims.unit = () in re -let invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 0) (-2797779l) 2071892l +let invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 0) (mk_i32 (-2797779)) (mk_i32 2071892) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 2) (-2556880l) 3900724l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 2) (mk_i32 (-2556880)) (mk_i32 3900724) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 4) 3881043l 954230l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 4) (mk_i32 3881043) (mk_i32 954230) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 6) 531354l 811944l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 6) (mk_i32 531354) (mk_i32 811944) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 8) 3699596l (-1600420l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 8) (mk_i32 3699596) (mk_i32 (-1600420)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 10) (-2140649l) 3507263l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + 
invert_ntt_at_layer_2___round re (mk_usize 10) (mk_i32 (-2140649)) (mk_i32 3507263) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 12) (-3821735l) 3505694l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 12) (mk_i32 (-3821735)) (mk_i32 3505694) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 14) (-1643818l) (-1699267l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 14) (mk_i32 (-1643818)) (mk_i32 (-1699267)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 16) (-539299l) 2348700l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 16) (mk_i32 (-539299)) (mk_i32 2348700) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 18) (-300467l) 3539968l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 18) (mk_i32 (-300467)) (mk_i32 3539968) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 20) (-2867647l) 3574422l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 20) (mk_i32 (-2867647)) (mk_i32 3574422) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 22) (-3043716l) (-3861115l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 22) (mk_i32 (-3043716)) (mk_i32 (-3861115)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - 
invert_ntt_at_layer_2___round re (sz 24) 3915439l (-2537516l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 24) (mk_i32 3915439) (mk_i32 (-2537516)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 26) (-3592148l) (-1661693l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 26) (mk_i32 (-3592148)) (mk_i32 (-1661693)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 28) 3530437l 3077325l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 28) (mk_i32 3530437) (mk_i32 3077325) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - invert_ntt_at_layer_2___round re (sz 30) 95776l 2706023l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + invert_ntt_at_layer_2___round re (mk_usize 30) (mk_i32 95776) (mk_i32 2706023) in re let outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Folds.fold_range v_OFFSET (v_OFFSET +! 
v_STEP_BY <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let j:usize = j in let a_minus_b:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (re.[ j +! v_STEP_BY <: usize ] @@ -430,7 +531,7 @@ let outer_3_plus (re.[ j ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j ({ @@ -449,7 +550,7 @@ let outer_3_plus <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) ({ 
@@ -467,154 +568,154 @@ let outer_3_plus in re -let invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 1) 280005l re +let invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 1) (mk_i32 280005) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 2) (sz 1) 4010497l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 2) (mk_usize 1) (mk_i32 4010497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 4) (sz 1) (-19422l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 1) (mk_i32 (-19422)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 6) (sz 1) 1757237l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 6) (mk_usize 1) (mk_i32 1757237) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 8) (sz 1) (-3277672l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 1) (mk_i32 (-3277672)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 10) (sz 1) (-1399561l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 10) (mk_usize 1) (mk_i32 (-1399561)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 12) (sz 1) (-3859737l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) 
= + outer_3_plus (mk_usize 12) (mk_usize 1) (mk_i32 (-3859737)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 14) (sz 1) (-2118186l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 14) (mk_usize 1) (mk_i32 (-2118186)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 1) (-2108549l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 1) (mk_i32 (-2108549)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 18) (sz 1) 2619752l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 18) (mk_usize 1) (mk_i32 2619752) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 20) (sz 1) (-1119584l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 1) (mk_i32 (-1119584)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 22) (sz 1) (-549488l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 22) (mk_usize 1) (mk_i32 (-549488)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 24) (sz 1) 3585928l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 1) (mk_i32 3585928) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 26) (sz 1) (-1079900l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 26) (mk_usize 1) (mk_i32 (-1079900)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus 
(sz 28) (sz 1) 1024112l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 1) (mk_i32 1024112) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 30) (sz 1) 2725464l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 30) (mk_usize 1) (mk_i32 2725464) re in re -let invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 2) 2680103l re +let invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 2) (mk_i32 2680103) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 4) (sz 2) 3111497l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 2) (mk_i32 3111497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 8) (sz 2) (-2884855l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 2) (mk_i32 (-2884855)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 12) (sz 2) 3119733l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 2) (mk_i32 3119733) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 2) (-2091905l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 2) (mk_i32 (-2091905)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
(sz 32) = - outer_3_plus (sz 20) (sz 2) (-359251l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 2) (mk_i32 (-359251)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 24) (sz 2) 2353451l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 2) (mk_i32 2353451) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 28) (sz 2) 1826347l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 2) (mk_i32 1826347) re in re -let invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 4) 466468l re +let invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 4) (mk_i32 466468) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 8) (sz 4) (-876248l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 4) (mk_i32 (-876248)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 4) (-777960l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 4) (mk_i32 (-777960)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 24) (sz 4) 237124l re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 4) (mk_i32 237124) re in re -let invert_ntt_at_layer_6_ (re: 
t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 8) (-518909l) re +let invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 8) (mk_i32 (-518909)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 16) (sz 8) (-2608894l) re + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 8) (mk_i32 (-2608894)) re in re -let invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - outer_3_plus (sz 0) (sz 16) 25847l re +let invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 16) (mk_i32 25847) re in re let invert_ntt_montgomery__inv_inner - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_0_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_4_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_5_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_at_layer_7_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (re <: t_Slice Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let _:usize = temp_1_ in true) re (fun re i -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re i 
@@ -632,12 +733,12 @@ let invert_ntt_montgomery__inv_inner <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) <: - t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) in re -let invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = +let invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = invert_ntt_montgomery__inv_inner re in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti index e7b8f66fc..c3139588e 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Avx2.Invntt open Core open FStar.Mul -let invert_ntt_montgomery__inv_inner__FACTOR: i32 = 41978l +let invert_ntt_montgomery__inv_inner__FACTOR: i32 = mk_i32 41978 val simd_unit_invert_ntt_at_layer_0_ (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256) @@ -12,7 +12,7 @@ val simd_unit_invert_ntt_at_layer_0_ (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 ) Prims.l_True (fun _ -> Prims.l_True) -let simd_unit_invert_ntt_at_layer_0___SHUFFLE: i32 = 216l +let simd_unit_invert_ntt_at_layer_0___SHUFFLE: i32 = mk_i32 216 val simd_unit_invert_ntt_at_layer_1_ (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
@@ -29,104 +29,104 @@ val simd_unit_invert_ntt_at_layer_2_ ) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta00 zeta01 zeta02 zeta03 zeta10 zeta11 zeta12 zeta13: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_00_ zeta_01_ zeta_10_ zeta_11_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta1 
zeta2: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_3___STEP: usize = sz 8 +let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = sz 1 +let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 -val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) 
Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_4___STEP: usize = sz 16 +let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = sz 2 +let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 -val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_5___STEP: usize = sz 32 +let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = sz 4 +let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 -val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_6___STEP: usize = sz 64 +let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = sz 8 +let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 -val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_montgomery__inv_inner - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure 
(t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_7___STEP: usize = sz 128 +let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = sz 16 +let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst index 4880fcb6f..e6843e2d6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst 
@@ -4,18 +4,18 @@ open Core open FStar.Mul let butterfly_2_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32) = let a:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let b:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 = 
@@ -49,26 +49,26 @@ let butterfly_2_ let b_terms_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 add_terms sub_terms in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l a_terms_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) a_terms_shuffled <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (index +! sz 1 <: usize) + (index +! mk_usize 1 <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 216l b_terms_shuffled + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 216) b_terms_shuffled <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } @@ -78,7 +78,7 @@ let butterfly_2_ re let butterfly_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32) = @@ -87,7 +87,7 @@ let butterfly_4_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let zeta_products:Libcrux_intrinsics.Avx2_extract.t_Vec256 = 
@@ -95,7 +95,7 @@ let butterfly_4_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -117,7 +117,7 @@ let butterfly_4_ let add_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 summands zeta_products in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ @@ -130,9 +130,9 @@ let butterfly_4_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (index +! sz 1 <: usize) + (index +! mk_usize 1 <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = @@ -146,13 +146,13 @@ let butterfly_4_ re let butterfly_8_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta0 zeta1: i32) = let summands:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_m128i (Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value <: Libcrux_intrinsics.Avx2_extract.t_Vec128) 
@@ -164,8 +164,8 @@ let butterfly_8_ Libcrux_intrinsics.Avx2_extract.t_Vec128) in let zeta_products:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l - (re.[ index +! sz 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 19) + (re.[ index +! mk_usize 1 <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value @@ -182,7 +182,7 @@ let butterfly_8_ let add_terms:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 summands zeta_products in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ @@ -201,13 +201,13 @@ let butterfly_8_ <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - (index +! sz 1 <: usize) + (index +! mk_usize 1 <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 19l sub_terms add_terms + Libcrux_intrinsics.Avx2_extract.mm256_permute2x128_si256 (mk_i32 19) sub_terms add_terms <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } 
@@ -216,176 +216,260 @@ let butterfly_8_ in re -let ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 0) 2091667l 3407706l 2316500l 3817976l (-3342478l) 2244091l (-2446433l) - (-3562462l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 2) 266997l 2434439l (-1235728l) 3513181l (-3520352l) (-3759364l) (-1197226l) - (-3193378l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 4) 900702l 1859098l 909542l 819034l 495491l (-1613174l) (-43260l) (-522500l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 6) (-655327l) (-3122442l) 2031748l 3207046l (-3556995l) (-525098l) - (-768622l) (-3595838l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 8) 342297l 286988l (-2437823l) 4108315l 3437287l (-3342277l) 1735879l - 203044l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 10) 2842341l 2691481l (-2590150l) 1265009l 4055324l 1247620l 2486353l - 1595974l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 12) (-3767016l) 1250494l 2635921l (-3548272l) (-2994039l) 1869119l 1903435l - (-1050970l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 14) (-1333058l) 1237275l (-3318210l) (-1430225l) (-451100l) 1312455l - 3306115l (-1962642l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 16) (-1279661l) 1917081l (-2546312l) (-1374803l) 1500165l 777191l 2235880l - 3406031l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 18) (-542412l) (-2831860l) (-1671176l) (-1846953l) (-2584293l) (-3724270l) - 594136l 
(-3776993l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 20) (-2013608l) 2432395l 2454455l (-164721l) 1957272l 3369112l 185531l - (-1207385l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 22) (-3183426l) 162844l 1616392l 3014001l 810149l 1652634l (-3694233l) - (-1799107l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 24) (-3038916l) 3523897l 3866901l 269760l 2213111l (-975884l) 1717735l - 472078l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 26) (-426683l) 1723600l (-1803090l) 1910376l (-1667432l) (-1104333l) - (-260646l) (-3833893l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 28) (-2939036l) (-2235985l) (-420899l) (-2286327l) 183443l (-976891l) - 1612842l (-3545687l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_2_ re (sz 30) (-554416l) 3919660l (-48306l) (-1362209l) 3937738l 1400424l (-846154l) - 1976782l +let ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 0) (mk_i32 2091667) (mk_i32 3407706) (mk_i32 2316500) (mk_i32 3817976) + (mk_i32 (-3342478)) (mk_i32 2244091) (mk_i32 (-2446433)) (mk_i32 (-3562462)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 2) (mk_i32 266997) (mk_i32 2434439) (mk_i32 (-1235728)) + (mk_i32 3513181) (mk_i32 (-3520352)) (mk_i32 (-3759364)) (mk_i32 (-1197226)) + (mk_i32 (-3193378)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 4) (mk_i32 900702) (mk_i32 1859098) (mk_i32 909542) (mk_i32 819034) + (mk_i32 495491) (mk_i32 (-1613174)) (mk_i32 (-43260)) 
(mk_i32 (-522500)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 6) (mk_i32 (-655327)) (mk_i32 (-3122442)) (mk_i32 2031748) + (mk_i32 3207046) (mk_i32 (-3556995)) (mk_i32 (-525098)) (mk_i32 (-768622)) (mk_i32 (-3595838)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 8) (mk_i32 342297) (mk_i32 286988) (mk_i32 (-2437823)) + (mk_i32 4108315) (mk_i32 3437287) (mk_i32 (-3342277)) (mk_i32 1735879) (mk_i32 203044) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 10) (mk_i32 2842341) (mk_i32 2691481) (mk_i32 (-2590150)) + (mk_i32 1265009) (mk_i32 4055324) (mk_i32 1247620) (mk_i32 2486353) (mk_i32 1595974) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 12) (mk_i32 (-3767016)) (mk_i32 1250494) (mk_i32 2635921) + (mk_i32 (-3548272)) (mk_i32 (-2994039)) (mk_i32 1869119) (mk_i32 1903435) (mk_i32 (-1050970)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 14) (mk_i32 (-1333058)) (mk_i32 1237275) (mk_i32 (-3318210)) + (mk_i32 (-1430225)) (mk_i32 (-451100)) (mk_i32 1312455) (mk_i32 3306115) (mk_i32 (-1962642)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 16) (mk_i32 (-1279661)) (mk_i32 1917081) (mk_i32 (-2546312)) + (mk_i32 (-1374803)) (mk_i32 1500165) (mk_i32 777191) (mk_i32 2235880) (mk_i32 3406031) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 18) (mk_i32 (-542412)) (mk_i32 (-2831860)) (mk_i32 (-1671176)) + (mk_i32 (-1846953)) (mk_i32 (-2584293)) (mk_i32 (-3724270)) (mk_i32 594136) + (mk_i32 (-3776993)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 20) (mk_i32 
(-2013608)) (mk_i32 2432395) (mk_i32 2454455) + (mk_i32 (-164721)) (mk_i32 1957272) (mk_i32 3369112) (mk_i32 185531) (mk_i32 (-1207385)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 22) (mk_i32 (-3183426)) (mk_i32 162844) (mk_i32 1616392) + (mk_i32 3014001) (mk_i32 810149) (mk_i32 1652634) (mk_i32 (-3694233)) (mk_i32 (-1799107)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 24) (mk_i32 (-3038916)) (mk_i32 3523897) (mk_i32 3866901) + (mk_i32 269760) (mk_i32 2213111) (mk_i32 (-975884)) (mk_i32 1717735) (mk_i32 472078) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 26) (mk_i32 (-426683)) (mk_i32 1723600) (mk_i32 (-1803090)) + (mk_i32 1910376) (mk_i32 (-1667432)) (mk_i32 (-1104333)) (mk_i32 (-260646)) + (mk_i32 (-3833893)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 28) (mk_i32 (-2939036)) (mk_i32 (-2235985)) (mk_i32 (-420899)) + (mk_i32 (-2286327)) (mk_i32 183443) (mk_i32 (-976891)) (mk_i32 1612842) (mk_i32 (-3545687)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_2_ re (mk_usize 30) (mk_i32 (-554416)) (mk_i32 3919660) (mk_i32 (-48306)) + (mk_i32 (-1362209)) (mk_i32 3937738) (mk_i32 1400424) (mk_i32 (-846154)) (mk_i32 1976782) in re -let ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 0) (-3930395l) (-1528703l) (-3677745l) (-3041255l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 2) (-1452451l) 3475950l 2176455l (-1585221l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 4) (-1257611l) 1939314l (-4083598l) (-1000202l) - in 
- let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 6) (-3190144l) (-3157330l) (-3632928l) 126922l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 8) 3412210l (-983419l) 2147896l 2715295l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 10) (-2967645l) (-3693493l) (-411027l) (-2477047l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 12) (-671102l) (-1228525l) (-22981l) (-1308169l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 14) (-381987l) 1349076l 1852771l (-1430430l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 16) (-3343383l) 264944l 508951l 3097992l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 18) 44288l (-1100098l) 904516l 3958618l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 20) (-3724342l) (-8578l) 1653064l (-3249728l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 22) 2389356l (-210977l) 759969l (-1316856l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 24) 189548l (-3553272l) 3159746l (-1851402l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 26) (-2409325l) (-177440l) 1315589l 1341330l - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 28) 1285669l (-1584928l) (-812732l) (-1439742l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_4_ re (sz 30) (-3019102l) (-3881060l) (-3628969l) 3839961l +let ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 0) + (mk_i32 (-3930395)) + (mk_i32 (-1528703)) + (mk_i32 (-3677745)) + (mk_i32 (-3041255)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 2) + (mk_i32 (-1452451)) + (mk_i32 3475950) + (mk_i32 2176455) + (mk_i32 (-1585221)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 4) + (mk_i32 (-1257611)) + (mk_i32 1939314) + (mk_i32 (-4083598)) + (mk_i32 (-1000202)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 6) + (mk_i32 (-3190144)) + (mk_i32 (-3157330)) + (mk_i32 (-3632928)) + (mk_i32 126922) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 8) + (mk_i32 3412210) + (mk_i32 (-983419)) + (mk_i32 2147896) + (mk_i32 2715295) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 10) + (mk_i32 (-2967645)) + (mk_i32 (-3693493)) + (mk_i32 (-411027)) + (mk_i32 (-2477047)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 12) + (mk_i32 (-671102)) + (mk_i32 (-1228525)) + (mk_i32 (-22981)) + (mk_i32 (-1308169)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 14) + (mk_i32 (-381987)) + (mk_i32 1349076) + (mk_i32 1852771) + (mk_i32 (-1430430)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 16) + (mk_i32 (-3343383)) + (mk_i32 264944) + (mk_i32 508951) + (mk_i32 3097992) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 18) + (mk_i32 44288) + (mk_i32 (-1100098)) + (mk_i32 904516) + (mk_i32 3958618) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 20) + (mk_i32 (-3724342)) + (mk_i32 (-8578)) + (mk_i32 1653064) + (mk_i32 (-3249728)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 22) + (mk_i32 2389356) + (mk_i32 (-210977)) + (mk_i32 759969) + (mk_i32 (-1316856)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 24) + (mk_i32 189548) + (mk_i32 (-3553272)) + (mk_i32 3159746) + (mk_i32 (-1851402)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 26) + (mk_i32 (-2409325)) + (mk_i32 (-177440)) + (mk_i32 1315589) + (mk_i32 1341330) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 28) + (mk_i32 1285669) + (mk_i32 (-1584928)) + (mk_i32 (-812732)) + (mk_i32 (-1439742)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_4_ re + (mk_usize 30) + (mk_i32 (-3019102)) + (mk_i32 (-3881060)) + (mk_i32 (-3628969)) + (mk_i32 3839961) in re -let ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 0) 2706023l 95776l +let ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 0) (mk_i32 2706023) (mk_i32 95776) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 2) 3077325l 3530437l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 2) (mk_i32 3077325) (mk_i32 3530437) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 4) 
(-1661693l) (-3592148l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 4) (mk_i32 (-1661693)) (mk_i32 (-3592148)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 6) (-2537516l) 3915439l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 6) (mk_i32 (-2537516)) (mk_i32 3915439) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 8) (-3861115l) (-3043716l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 8) (mk_i32 (-3861115)) (mk_i32 (-3043716)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 10) 3574422l (-2867647l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 10) (mk_i32 3574422) (mk_i32 (-2867647)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 12) 3539968l (-300467l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 12) (mk_i32 3539968) (mk_i32 (-300467)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 14) 2348700l (-539299l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 14) (mk_i32 2348700) (mk_i32 (-539299)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 16) (-1699267l) (-1643818l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 16) (mk_i32 (-1699267)) (mk_i32 (-1643818)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 18) 3505694l (-3821735l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 
32) = + butterfly_8_ re (mk_usize 18) (mk_i32 3505694) (mk_i32 (-3821735)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 20) 3507263l (-2140649l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 20) (mk_i32 3507263) (mk_i32 (-2140649)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 22) (-1600420l) 3699596l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 22) (mk_i32 (-1600420)) (mk_i32 3699596) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 24) 811944l 531354l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 24) (mk_i32 811944) (mk_i32 531354) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 26) 954230l 3881043l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 26) (mk_i32 954230) (mk_i32 3881043) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 28) 3900724l (-2556880l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 28) (mk_i32 3900724) (mk_i32 (-2556880)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - butterfly_8_ re (sz 30) 2071892l (-2797779l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + butterfly_8_ re (mk_usize 30) (mk_i32 2071892) (mk_i32 (-2797779)) in re let ntt_at_layer_7_and_6___mul - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta: Libcrux_intrinsics.Avx2_extract.t_Vec256) (step_by: usize) 
@@ -400,12 +484,12 @@ let ntt_at_layer_7_and_6___mul in let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 - 245l + (mk_i32 245) (re.[ index +! step_by <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l zeta + (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) zeta <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -428,17 +512,17 @@ let ntt_at_layer_7_and_6___mul Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 prod13 c13 in let res02_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l res02 + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) res02 in let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 170l res02_shifted res13 + Libcrux_intrinsics.Avx2_extract.mm256_blend_epi32 (mk_i32 170) res02_shifted res13 in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! step_by <: usize) (re.[ index ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (index +! step_by <: usize) ({ 
@@ -456,7 +540,7 @@ let ntt_at_layer_7_and_6___mul <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index ({ @@ -476,7 +560,7 @@ let ntt_at_layer_7_and_6___mul in re -let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = +let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS in 
@@ -488,272 +572,272 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve i32) in let zeta7:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 25847l + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 25847) in let zeta60:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-2608894l) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 (-2608894)) in let zeta61:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (-518909l) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 (-518909)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0) + (mk_usize 0) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 1 <: usize) + (mk_usize 0 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 2 <: usize) + (mk_usize 0 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 3 <: usize) + (mk_usize 0 +! 
mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8) + (mk_usize 8) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8 +! sz 1 <: usize) + (mk_usize 8 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8 +! sz 2 <: usize) + (mk_usize 8 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 8 +! sz 3 <: usize) + (mk_usize 8 +! mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0) + (mk_usize 0) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! 
sz 1 <: usize) + (mk_usize 0 +! mk_usize 1 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 2 <: usize) + (mk_usize 0 +! mk_usize 2 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 0 +! sz 3 <: usize) + (mk_usize 0 +! mk_usize 3 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16) + (mk_usize 16) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16 +! sz 1 <: usize) + (mk_usize 16 +! mk_usize 1 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16 +! sz 2 <: usize) + (mk_usize 16 +! 
mk_usize 2 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 16 +! sz 3 <: usize) + (mk_usize 16 +! mk_usize 3 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4) + (mk_usize 4) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 1 <: usize) + (mk_usize 4 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 2 <: usize) + (mk_usize 4 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 3 <: usize) + (mk_usize 4 +! 
mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12) + (mk_usize 12) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12 +! sz 1 <: usize) + (mk_usize 12 +! mk_usize 1 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12 +! sz 2 <: usize) + (mk_usize 12 +! mk_usize 2 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 12 +! sz 3 <: usize) + (mk_usize 12 +! mk_usize 3 <: usize) zeta7 ntt_at_layer_7_and_6___STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4) + (mk_usize 4) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! 
sz 1 <: usize) + (mk_usize 4 +! mk_usize 1 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 2 <: usize) + (mk_usize 4 +! mk_usize 2 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 4 +! sz 3 <: usize) + (mk_usize 4 +! mk_usize 3 <: usize) zeta60 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20) + (mk_usize 20) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20 +! sz 1 <: usize) + (mk_usize 20 +! mk_usize 1 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20 +! sz 2 <: usize) + (mk_usize 20 +! 
mk_usize 2 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_7_and_6___mul re - (sz 20 +! sz 3 <: usize) + (mk_usize 20 +! mk_usize 3 <: usize) zeta61 ntt_at_layer_7_and_6___STEP_BY_6_ field_modulus @@ -764,7 +848,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve let ntt_at_layer_5_to_3___round (v_STEP v_STEP_BY: usize) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta: i32) = @@ -772,21 +856,21 @@ let ntt_at_layer_5_to_3___round Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 zeta in let offset:usize = - ((index *! v_STEP <: usize) *! sz 2 <: usize) /! + ((index *! v_STEP <: usize) *! mk_usize 2 <: usize) /! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Folds.fold_range offset (offset +! v_STEP_BY <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = re in let j:usize = j in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) ({ 
@@ -814,7 +898,7 @@ let ntt_at_layer_5_to_3___round (re.[ j +! v_STEP_BY <: usize ] <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j ({ @@ -833,7 +917,7 @@ let ntt_at_layer_5_to_3___round <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) ({ Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = tmp } 
@@ -844,105 +928,109 @@ let ntt_at_layer_5_to_3___round in re -let ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 0) 237124l +let ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 0) (mk_i32 237124) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 1) (-777960l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 1) (mk_i32 (-777960)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 2) (-876248l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 2) (mk_i32 (-876248)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 32) (sz 4) re (sz 3) 466468l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 32) (mk_usize 4) re (mk_usize 3) (mk_i32 466468) in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 0) 1826347l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 0) (mk_i32 1826347) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 1) 2353451l + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 1) (mk_i32 2353451) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 2) (-359251l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 2) (mk_i32 (-359251)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 3) (-2091905l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 3) (mk_i32 (-2091905)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 4) 3119733l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 4) (mk_i32 3119733) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 5) (-2884855l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 5) (mk_i32 (-2884855)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 6) 3111497l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re (mk_usize 6) (mk_i32 3111497) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 16) (sz 2) re (sz 7) 2680103l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 16) (mk_usize 2) re 
(mk_usize 7) (mk_i32 2680103) in let _:Prims.unit = () in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 0) 2725464l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 0) (mk_i32 2725464) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 1) 1024112l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 1) (mk_i32 1024112) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 2) (-1079900l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 2) (mk_i32 (-1079900)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 3) 3585928l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 3) (mk_i32 3585928) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 4) (-549488l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 4) (mk_i32 (-549488)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 5) (-1119584l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 5) (mk_i32 (-1119584)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - 
ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 6) 2619752l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 6) (mk_i32 2619752) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 7) (-2108549l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 7) (mk_i32 (-2108549)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 8) (-2118186l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 8) (mk_i32 (-2118186)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 9) (-3859737l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 9) (mk_i32 (-3859737)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 10) (-1399561l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 10) (mk_i32 (-1399561)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 11) (-3277672l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 11) (mk_i32 (-3277672)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 12) 1757237l + let re:t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 12) (mk_i32 1757237) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 13) (-19422l) + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 13) (mk_i32 (-19422)) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 14) 4010497l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 14) (mk_i32 4010497) in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = - ntt_at_layer_5_to_3___round (sz 8) (sz 1) re (sz 15) 280005l + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_5_to_3___round (mk_usize 8) (mk_usize 1) re (mk_usize 15) (mk_i32 280005) in let _:Prims.unit = () in let _:Prims.unit = () <: Prims.unit in re -let ntt__avx2_ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_7_and_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_5_to_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt_at_layer_0_ re in +let ntt__avx2_ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = + ntt_at_layer_7_and_6_ re + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
(mk_usize 32) = + ntt_at_layer_5_to_3_ re + in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_2_ re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_1_ re in + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt_at_layer_0_ re in re -let ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = ntt__avx2_ntt re in +let ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = ntt__avx2_ntt re in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti index a0ca4fe56..86b26611a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti 
@@ -4,108 +4,108 @@ open Core open FStar.Mul val butterfly_2_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_a0 zeta_a1 zeta_a2 zeta_a3 zeta_b0 zeta_b1 zeta_b2 zeta_b3: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let butterfly_2___SHUFFLE: i32 = 216l +let butterfly_2___SHUFFLE: i32 = mk_i32 216 val butterfly_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta_a0 zeta_a1 zeta_b0 zeta_b1: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val butterfly_8_ - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta0 zeta1: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_1_ (re: t_Array 
Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val ntt_at_layer_7_and_6___mul - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta: Libcrux_intrinsics.Avx2_extract.t_Vec256) (step_by: usize) (field_modulus inverse_of_modulus_mod_montgomery_r: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) let ntt_at_layer_7_and_6___STEP_BY_7_: usize = - sz 2 *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT + mk_usize 2 *! 
Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT let ntt_at_layer_7_and_6___STEP_BY_6_: usize = - (sz 1 < Prims.l_True) val ntt_at_layer_5_to_3___round (v_STEP v_STEP_BY: usize) - (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) (index: usize) (zeta: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) /// Layer 5, 4, 3 /// Each layer does 16 Montgomery multiplications -> 3*16 = 48 total /// pqclean does 4 * 4 on each layer -> 48 total | plus 4 * 4 shuffles every time (48) -val ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt_at_layer_5_to_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_5_to_3___STEP: usize = sz 1 < Prims.l_True) -val ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) +val ntt (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst index ad5c4fcc5..cbdcfe0f0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.fst @@ -5,19 +5,19 @@ open FStar.Mul let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract.t_Vec256) = match cast (v_ETA <: usize) <: u8 with - | 2uy -> + | Rust_primitives.Integers.MkInt 2 -> let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 26l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 26) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 7l quotient + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (mk_i32 7) quotient in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 quotient - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 5l + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 5) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -29,7 +29,7 @@ let shift_interval (v_ETA: usize) (coefficients: Libcrux_intrinsics.Avx2_extract <: Libcrux_intrinsics.Avx2_extract.t_Vec256) coefficients_mod_5_ - | 4uy -> + | Rust_primitives.Integers.MkInt 4 -> Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (v_ETA <: usize) <: i32) <: @@ -50,8 +50,8 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = in let (interval_boundary: i32):i32 = match cast (v_ETA <: usize) <: u8 with - | 2uy -> 15l - | 4uy -> 9l + | Rust_primitives.Integers.MkInt 2 -> mk_i32 15 + | Rust_primitives.Integers.MkInt 4 -> mk_i32 9 | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
@@ -71,12 +71,12 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = <: u8) in - let good_lower_half:i32 = good &. 15l in - let good_upper_half:i32 = good >>! 4l in + let good_lower_half:i32 = good &. mk_i32 15 in + let good_upper_half:i32 = good >>! mk_i32 4 in let shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = shift_interval v_ETA potential_coefficients in - let lower_shuffles:t_Array u8 (sz 16) = + let lower_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_lower_half <: i32) @@ -94,12 +94,12 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = in let output:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 4 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] @@ -110,7 +110,7 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = t_Slice i32) in let sampled_count:usize = cast (Core.Num.impl__i32__count_ones good_lower_half <: u32) <: usize in - let upper_shuffles:t_Array u8 (sz 16) = + let upper_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_upper_half <: i32) 
@@ -121,7 +121,7 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l shifted + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) shifted in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles @@ -130,13 +130,13 @@ let sample (v_ETA: usize) (input: t_Slice u8) (output: t_Slice i32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst index f3d66cf87..099c9b2ad 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fst 
@@ -8,18 +8,21 @@ let bytestream_to_potential_coefficients (serialized: t_Slice u8) = if true then let _:Prims.unit = - match Core.Slice.impl__len #u8 serialized, sz 24 <: (usize & usize) with + match Core.Slice.impl__len #u8 serialized, mk_usize 24 <: (usize & usize) with | left_val, right_val -> Hax_lib.v_assert (left_val =. right_val <: bool) in () in - let serialized_extended:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let serialized_extended:t_Array u8 (sz 32) = + let serialized_extended:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in + let serialized_extended:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_to serialized_extended - ({ Core.Ops.Range.f_end = sz 24 } <: Core.Ops.Range.t_RangeTo usize) + ({ Core.Ops.Range.f_end = mk_usize 24 } <: Core.Ops.Range.t_RangeTo usize) (Core.Slice.impl__copy_from_slice #u8 - (serialized_extended.[ { Core.Ops.Range.f_end = sz 24 } <: Core.Ops.Range.t_RangeTo usize - ] + (serialized_extended.[ { Core.Ops.Range.f_end = mk_usize 24 } + <: + Core.Ops.Range.t_RangeTo usize ] <: t_Slice u8) serialized 
@@ -31,14 +34,24 @@ let bytestream_to_potential_coefficients (serialized: t_Slice u8) = in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permutevar8x32_epi32 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 5l 4l 3l 0l 2l 1l 0l + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (mk_i32 0) + (mk_i32 5) + (mk_i32 4) + (mk_i32 3) + (mk_i32 0) + (mk_i32 2) + (mk_i32 1) + (mk_i32 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y - (-1y) 2y 1y 0y (-1y) 11y 10y 9y (-1y) 8y 7y 6y (-1y) 5y 4y 3y (-1y) 2y 1y 0y + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 5) (mk_i8 4) (mk_i8 3) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) (mk_i8 (-1)) (mk_i8 11) (mk_i8 10) (mk_i8 9) + (mk_i8 (-1)) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 (-1)) (mk_i8 5) (mk_i8 4) (mk_i8 3) + (mk_i8 (-1)) (mk_i8 2) (mk_i8 1) (mk_i8 0) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -64,9 +77,9 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = <: u8) in - let good_lower_half:i32 = good &. 15l in - let good_upper_half:i32 = good >>! 4l in - let lower_shuffles:t_Array u8 (sz 16) = + let good_lower_half:i32 = good &. mk_i32 15 in + let good_upper_half:i32 = good >>! mk_i32 4 in + let lower_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_lower_half <: i32) 
@@ -84,12 +97,12 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = in let output:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 4 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] @@ -100,7 +113,7 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = t_Slice i32) in let sampled_count:usize = cast (Core.Num.impl__i32__count_ones good_lower_half <: u32) <: usize in - let upper_shuffles:t_Array u8 (sz 16) = + let upper_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.v_SHUFFLE_TABLE.[ cast (good_upper_half <: i32) @@ -111,7 +124,7 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) potential_coefficients in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles 
@@ -120,13 +133,13 @@ let sample (input: t_Slice u8) (output: t_Slice i32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128_i32 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 4 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 4 <: usize } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti index 8d297cab8..9a10d3fd0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus.fsti @@ -3,7 +3,8 @@ module Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_field_modulus open Core open FStar.Mul -let bytestream_to_potential_coefficients__COEFFICIENT_MASK: i32 = (1l < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst index 97a40a5a5..d181d1c8a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fst 
@@ -4,103 +4,111 @@ open Core open FStar.Mul let is_bit_set (number: usize) (bit_position: u8) = - ((number &. (sz 1 <>! bit_position <: usize) =. sz 1 + ((number &. (mk_usize 1 <>! bit_position <: usize) =. + mk_usize 1 let generate_shuffle_table (_: Prims.unit) = - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 255uy (sz 16) <: t_Array u8 (sz 16)) - (sz 16) + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_u8 255) (mk_usize 16) + <: + t_Array u8 (mk_usize 16)) + (mk_usize 16) in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 1 < - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = byte_shuffles in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = byte_shuffles in let _:usize = temp_1_ in true) byte_shuffles (fun byte_shuffles bit_pattern -> - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = byte_shuffles in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = byte_shuffles in let bit_pattern:usize = bit_pattern in - let byte_shuffles_index:usize = sz 0 in - let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & usize) = - Rust_primitives.Hax.Folds.fold_range 0uy - 4uy + let byte_shuffles_index:usize = mk_usize 0 in + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) & + usize) = + Rust_primitives.Hax.Folds.fold_range (mk_u8 0) + (mk_u8 4) (fun temp_0_ temp_1_ -> - let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (mk_usize 16)) + (mk_usize 16) & usize) = temp_0_ in let _:u8 = temp_1_ in true) - (byte_shuffles, byte_shuffles_index <: (t_Array (t_Array u8 (sz 16)) (sz 16) & usize)) + (byte_shuffles, byte_shuffles_index + <: + (t_Array (t_Array u8 
(mk_usize 16)) (mk_usize 16) & usize)) (fun temp_0_ bit_position -> - let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (sz 16)) (sz 16) & + let byte_shuffles, byte_shuffles_index:(t_Array (t_Array u8 (mk_usize 16)) + (mk_usize 16) & usize) = temp_0_ in let bit_position:u8 = bit_position in if is_bit_set bit_pattern bit_position <: bool then - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - (bit_position *! 4uy <: u8) + (bit_position *! mk_u8 4 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! mk_usize 1 in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - ((bit_position *! 4uy <: u8) +! 1uy <: u8) + ((bit_position *! mk_u8 4 <: u8) +! mk_u8 1 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! 
mk_usize 1 in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - ((bit_position *! 4uy <: u8) +! 2uy <: u8) + ((bit_position *! mk_u8 4 <: u8) +! mk_u8 2 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in - let byte_shuffles:t_Array (t_Array u8 (sz 16)) (sz 16) = + let byte_shuffles_index:usize = byte_shuffles_index +! mk_usize 1 in + let byte_shuffles:t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize byte_shuffles bit_pattern (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (byte_shuffles.[ bit_pattern ] <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) byte_shuffles_index - ((bit_position *! 4uy <: u8) +! 3uy <: u8) + ((bit_position *! mk_u8 4 <: u8) +! mk_u8 3 <: u8) <: - t_Array u8 (sz 16)) + t_Array u8 (mk_usize 16)) in - let byte_shuffles_index:usize = byte_shuffles_index +! sz 1 in + let byte_shuffles_index:usize = byte_shuffles_index +! mk_usize 1 in byte_shuffles, byte_shuffles_index <: - (t_Array (t_Array u8 (sz 16)) (sz 16) & usize) + (t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) & usize) else byte_shuffles, byte_shuffles_index <: - (t_Array (t_Array u8 (sz 16)) (sz 16) & usize)) + (t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) & usize)) in byte_shuffles) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti index 0c43b9b5d..12a91126d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Shuffle_table.fsti 
@@ -7,130 +7,138 @@ val is_bit_set (number: usize) (bit_position: u8) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) val generate_shuffle_table: Prims.unit - -> Prims.Pure (t_Array (t_Array u8 (sz 16)) (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + -> Prims.Pure (t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16)) + Prims.l_True + (fun _ -> Prims.l_True) -let v_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 16) = +let v_SHUFFLE_TABLE: t_Array (t_Array u8 (mk_usize 16)) (mk_usize 16) = let list = [ (let list = [ - 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy; 255uy + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; 
mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst index d92dc0ac9..bc75388f5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.fst @@ -390,7 +390,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 2) randomness out + Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (mk_usize 2) randomness out in let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in 
@@ -405,7 +405,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> let tmp0, out1:(t_Slice i32 & usize) = - Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (sz 4) randomness out + Libcrux_ml_dsa.Simd.Avx2.Rejection_sample.Less_than_eta.sample (mk_usize 4) randomness out in let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in 
@@ -660,35 +660,35 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto out); f_ntt_pre = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> true); + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_ntt_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_ntt = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32) = Libcrux_ml_dsa.Simd.Avx2.Ntt.ntt simd_units in simd_units); f_invert_ntt_montgomery_pre = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> true); + (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_invert_ntt_montgomery_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> true); f_invert_ntt_montgomery = - fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (sz 32) = + fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 
(mk_usize 32) = Libcrux_ml_dsa.Simd.Avx2.Invntt.invert_ntt_montgomery simd_units in simd_units diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst index b997bc750..493bdf16a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst @@ -5,7 +5,7 @@ open FStar.Mul let add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let lhs:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -30,7 +30,7 @@ let add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -39,7 +39,7 @@ let add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let subtract (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let lhs:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (lhs.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: 
@@ -64,14 +64,15 @@ let subtract (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in lhs -let get_n_least_significant_bits (n: u8) (value: u64) = value &. ((1uL <>! 31l <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) in + let t:i32 = + t +! ((t >>! mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + in let t1:i32 = - ((t -! 1l <: i32) +! - (1l <>! Libcrux_ml_dsa.Constants.v_BITS_IN_LOWER_PART_OF_T @@ -203,7 +208,7 @@ let power2round_element (t: i32) = let power2round (t0 t1: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let t0, t1:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (t0.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -270,7 +275,7 @@ let infinity_norm_exceeds = let result:bool = false in let result:bool = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -296,15 +301,15 @@ let infinity_norm_exceeds in () in - let sign:i32 = coefficient >>! 31l in - let normalized:i32 = coefficient -! (sign &. (2l *! coefficient <: i32) <: i32) in + let sign:i32 = coefficient >>! mk_i32 31 in + let normalized:i32 = coefficient -! (sign &. (mk_i32 2 *! coefficient <: i32) <: i32) in let result:bool = result || normalized >=. bound in result) in result let reduce_element (fe: i32) = - let quotient:i32 = (fe +! (1l <>! 23l in + let quotient:i32 = (fe +! (mk_i32 1 <>! mk_i32 23 in fe -! (quotient *! Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) let shift_left_then_reduce 
@@ -312,7 +317,7 @@ let shift_left_then_reduce (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -341,7 +346,7 @@ let shift_left_then_reduce <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -351,18 +356,18 @@ let shift_left_then_reduce let compute_one_hint (low high gamma2: i32) = if low >. gamma2 || low <. (Core.Ops.Arith.Neg.neg gamma2 <: i32) || - low =. (Core.Ops.Arith.Neg.neg gamma2 <: i32) && high <>. 0l - then 1l - else 0l + low =. (Core.Ops.Arith.Neg.neg gamma2 <: i32) && high <>. mk_i32 0 + then mk_i32 1 + else mk_i32 0 let compute_hint (low high: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) (gamma2: i32) (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = - let one_hints_count:usize = sz 0 in + let one_hints_count:usize = mk_usize 0 in let hint, one_hints_count:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: 
@@ -423,32 +428,38 @@ let decompose_element (gamma2 r: i32) = in () in - let r:i32 = r +! ((r >>! 31l <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) in - let ceil_of_r_by_128_:i32 = (r +! 127l <: i32) >>! 7l in + let r:i32 = + r +! ((r >>! mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + in + let ceil_of_r_by_128_:i32 = (r +! mk_i32 127 <: i32) >>! mk_i32 7 in let r1:i32 = match gamma2 <: i32 with - | 95232l -> + | Rust_primitives.Integers.MkInt 95232 -> let result:i32 = - ((ceil_of_r_by_128_ *! 11275l <: i32) +! (1l <>! 24l + ((ceil_of_r_by_128_ *! mk_i32 11275 <: i32) +! (mk_i32 1 <>! + mk_i32 24 in - (result ^. ((43l -! result <: i32) >>! 31l <: i32) <: i32) &. result - | 261888l -> + (result ^. ((mk_i32 43 -! result <: i32) >>! mk_i32 31 <: i32) <: i32) &. result + | Rust_primitives.Integers.MkInt 261888 -> let result:i32 = - ((ceil_of_r_by_128_ *! 1025l <: i32) +! (1l <>! 22l + ((ceil_of_r_by_128_ *! mk_i32 1025 <: i32) +! (mk_i32 1 <>! + mk_i32 22 in - result &. 15l + result &. mk_i32 15 | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" <: Rust_primitives.Hax.t_Never) in - let alpha:i32 = gamma2 *! 2l in + let alpha:i32 = gamma2 *! mk_i32 2 in let r0:i32 = r -! (r1 *! alpha <: i32) in let r0:i32 = r0 -! - (((((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! 1l <: i32) /! 2l <: i32) -! r0 <: i32) >>! - 31l + (((((Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS -! mk_i32 1 <: i32) /! mk_i32 2 <: i32) -! r0 + <: + i32) >>! + mk_i32 31 <: i32) &. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS 
@@ -459,15 +470,16 @@ let decompose_element (gamma2 r: i32) = let use_one_hint (gamma2 r hint: i32) = let r0, r1:(i32 & i32) = decompose_element gamma2 r in - if hint =. 0l + if hint =. mk_i32 0 then r1 else match gamma2 <: i32 with - | 95232l -> - if r0 >. 0l - then if r1 =. 43l then 0l else r1 +! hint - else if r1 =. 0l then 43l else r1 -! hint - | 261888l -> if r0 >. 0l then (r1 +! hint <: i32) &. 15l else (r1 -! hint <: i32) &. 15l + | Rust_primitives.Integers.MkInt 95232 -> + if r0 >. mk_i32 0 + then if r1 =. mk_i32 43 then mk_i32 0 else r1 +! hint + else if r1 =. mk_i32 0 then mk_i32 43 else r1 -! hint + | Rust_primitives.Integers.MkInt 261888 -> + if r0 >. mk_i32 0 then (r1 +! hint <: i32) &. mk_i32 15 else (r1 -! hint <: i32) &. mk_i32 15 | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -480,7 +492,7 @@ let decompose = let high, low:(Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (low.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -544,7 +556,7 @@ let decompose let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) <: @@ -570,7 +582,7 @@ let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_ <: i32) <: - t_Array i32 (sz 8) + t_Array i32 (mk_usize 8) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti index 8d7bcf337..b33255c91 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Portable.Arithmetic open Core open FStar.Mul -let v_MONTGOMERY_SHIFT: u8 = 32uy +let v_MONTGOMERY_SHIFT: u8 = mk_u8 32 val add (lhs rhs: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst index ad1e8b82e..943dded63 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Commitment.fst @@ -9,9 +9,9 @@ let serialize = let serialized:t_Slice u8 = match cast (Core.Slice.impl__len #u8 serialized <: usize) <: u8 with - | 4uy -> + | Rust_primitives.Integers.MkInt 4 -> let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 2) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -21,19 +21,19 @@ let serialize (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in - let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in + let coefficient0:u8 = cast (coefficients.[ mk_usize 0 ] <: i32) <: u8 in + let coefficient1:u8 = cast (coefficients.[ mk_usize 1 ] <: i32) <: u8 in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized i - ((coefficient1 < + | Rust_primitives.Integers.MkInt 6 -> let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 4) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -43,24 +43,24 @@ let serialize (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient0:u8 = cast (coefficients.[ sz 0 ] <: i32) <: u8 in - let coefficient1:u8 = cast (coefficients.[ sz 1 ] <: i32) <: u8 in - let coefficient2:u8 = cast (coefficients.[ sz 2 ] <: i32) <: u8 in - let coefficient3:u8 = cast (coefficients.[ sz 3 ] <: i32) <: u8 in + let coefficient0:u8 = cast (coefficients.[ mk_usize 0 ] <: i32) <: u8 in + let coefficient1:u8 = cast (coefficients.[ mk_usize 1 ] <: i32) <: u8 in + let coefficient2:u8 = cast (coefficients.[ mk_usize 2 ] <: i32) <: u8 in + let coefficient3:u8 = cast (coefficients.[ mk_usize 3 ] <: i32) <: u8 in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 3 *! i <: usize) - ((coefficient1 <>! 2l <: u8) <: u8) + ((mk_usize 3 *! i <: usize) +! mk_usize 1 <: usize) + ((coefficient2 <>! mk_i32 2 <: u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 3 *! i <: usize) +! sz 2 <: usize) - ((coefficient3 <>! 4l <: u8) <: u8) + ((mk_usize 3 *! i <: usize) +! mk_usize 2 <: usize) + ((coefficient3 <>! mk_i32 4 <: u8) <: u8) in serialized) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst index c0abeeb68..fe2618f47 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst 
@@ -11,13 +11,13 @@ let serialize_when_eta_is_2_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 3 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 3 <: bool) in () in let coefficient0:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) <: i32) <: @@ -25,7 +25,7 @@ let serialize_when_eta_is_2_ in let coefficient1:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) <: i32) <: @@ -33,7 +33,7 @@ let serialize_when_eta_is_2_ in let coefficient2:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) <: i32) <: @@ -41,7 +41,7 @@ let serialize_when_eta_is_2_ in let coefficient3:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) <: i32) <: @@ -49,7 +49,7 @@ let serialize_when_eta_is_2_ in let coefficient4:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) <: i32) <: @@ -57,7 +57,7 @@ let serialize_when_eta_is_2_ in let coefficient5:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) <: i32) <: 
@@ -65,7 +65,7 @@ let serialize_when_eta_is_2_ in let coefficient6:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) <: i32) <: @@ -73,7 +73,7 @@ let serialize_when_eta_is_2_ in let coefficient7:u8 = cast (serialize_when_eta_is_2___ETA -! - (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] <: i32) + (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) <: i32) <: @@ -81,25 +81,28 @@ let serialize_when_eta_is_2_ in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 0) - (((coefficient2 <>! 2l <: u8) + (coefficient2 >>! mk_i32 2 <: u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 2) - (((coefficient7 <>! 1l <: u8) + (mk_usize 2) + (((coefficient7 <>! mk_i32 1 <: u8) <: u8) in @@ -110,7 +113,7 @@ let serialize_when_eta_is_4_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 2) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -121,15 +124,19 @@ let serialize_when_eta_is_4_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ sz 0 ] <: i32) <: i32) <: u8 + cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 0 ] <: i32) <: i32) + <: + u8 in let coefficient1:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ sz 1 ] <: i32) <: i32) <: u8 + cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 1 ] <: i32) <: i32) + <: + u8 in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized i - ((coefficient1 <>! 3l <: i32) &. 7l <: i32) <: i32) + (mk_usize 1) + (deserialize_when_eta_is_2___ETA -! ((byte0 >>! mk_i32 3 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -195,9 +202,9 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) + (mk_usize 2) (deserialize_when_eta_is_2___ETA -! - (((byte0 >>! 6l <: i32) |. (byte1 <>! mk_i32 6 <: i32) |. (byte1 <>! 1l <: i32) &. 7l <: i32) <: i32) + (mk_usize 3) + (deserialize_when_eta_is_2___ETA -! ((byte1 >>! mk_i32 1 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -224,8 +231,8 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - (deserialize_when_eta_is_2___ETA -! ((byte1 >>! 4l <: i32) &. 7l <: i32) <: i32) + (mk_usize 4) + (deserialize_when_eta_is_2___ETA -! ((byte1 >>! mk_i32 4 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -237,9 +244,9 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) + (mk_usize 5) (deserialize_when_eta_is_2___ETA -! - (((byte1 >>! 7l <: i32) |. (byte2 <>! mk_i32 7 <: i32) |. (byte2 <>! 2l <: i32) &. 7l <: i32) <: i32) + (mk_usize 6) + (deserialize_when_eta_is_2___ETA -! ((byte2 >>! mk_i32 2 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -266,8 +273,8 @@ let deserialize_when_eta_is_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - (deserialize_when_eta_is_2___ETA -! ((byte2 >>! 5l <: i32) &. 7l <: i32) <: i32) + (mk_usize 7) + (deserialize_when_eta_is_2___ETA -! ((byte2 >>! mk_i32 5 <: i32) &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -282,7 +289,7 @@ let deserialize_when_eta_is_4_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 4 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 4 <: bool) in () in @@ -303,8 +310,8 @@ let deserialize_when_eta_is_4_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2 *! i <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte &. 15uy <: u8) <: i32) <: i32) + (mk_usize 2 *! i <: usize) + (deserialize_when_eta_is_4___ETA -! (cast (byte &. mk_u8 15 <: u8) <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -316,8 +323,8 @@ let deserialize_when_eta_is_4_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - ((sz 2 *! i <: usize) +! sz 1 <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte >>! 4l <: u8) <: i32) <: i32) + ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) + (deserialize_when_eta_is_4___ETA -! (cast (byte >>! mk_i32 4 <: u8) <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti index 5cfa7a48c..ae3d16c4c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti @@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Error open Core open FStar.Mul -let serialize_when_eta_is_2___ETA: i32 = 2l +let serialize_when_eta_is_2___ETA: i32 = mk_i32 2 val serialize_when_eta_is_2_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let serialize_when_eta_is_4___ETA: i32 = 4l +let serialize_when_eta_is_4___ETA: i32 = mk_i32 4 val serialize_when_eta_is_4_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -23,7 +23,7 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize_when_eta_is_2___ETA: i32 = 2l +let deserialize_when_eta_is_2___ETA: i32 = mk_i32 2 val deserialize_when_eta_is_2_ (serialized: t_Slice u8) @@ -32,7 +32,7 @@ val deserialize_when_eta_is_2_ Prims.l_True (fun _ -> Prims.l_True) -let deserialize_when_eta_is_4___ETA: i32 = 4l +let deserialize_when_eta_is_4___ETA: i32 = mk_i32 4 val deserialize_when_eta_is_4_ (serialized: t_Slice u8) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst index db22697c6..096f1d980 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst @@ -8,7 +8,7 @@ let serialize_when_gamma1_is_2_pow_17_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 4) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -19,85 +19,85 @@ let serialize_when_gamma1_is_2_pow_17_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 0 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 1 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let coefficient2:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 2 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 2 ] <: i32) in let coefficient3:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ sz 3 ] <: i32) + serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 3 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 9 *! i <: usize) + (mk_usize 9 *! i <: usize) (cast (coefficient0 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 1 <: usize) - (cast (coefficient0 >>! 8l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 1 <: usize) + (cast (coefficient0 >>! mk_i32 8 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 2 <: usize) - (cast (coefficient0 >>! 16l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 2 <: usize) + (cast (coefficient0 >>! mk_i32 16 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 2 <: usize) - ((serialized.[ (sz 9 *! i <: usize) +! sz 2 <: usize ] <: u8) |. - (cast (coefficient1 <>! 6l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! 
mk_usize 3 <: usize) + (cast (coefficient1 >>! mk_i32 6 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 4 <: usize) - (cast (coefficient1 >>! 14l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 4 <: usize) + (cast (coefficient1 >>! mk_i32 14 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 4 <: usize) - ((serialized.[ (sz 9 *! i <: usize) +! sz 4 <: usize ] <: u8) |. - (cast (coefficient2 <>! 4l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 5 <: usize) + (cast (coefficient2 >>! mk_i32 4 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 6 <: usize) - (cast (coefficient2 >>! 12l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 6 <: usize) + (cast (coefficient2 >>! mk_i32 12 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 6 <: usize) - ((serialized.[ (sz 9 *! i <: usize) +! sz 6 <: usize ] <: u8) |. - (cast (coefficient3 <>! 2l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 7 <: usize) + (cast (coefficient3 >>! mk_i32 2 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 9 *! i <: usize) +! sz 8 <: usize) - (cast (coefficient3 >>! 10l <: i32) <: u8) + ((mk_usize 9 *! i <: usize) +! mk_usize 8 <: usize) + (cast (coefficient3 >>! mk_i32 10 <: i32) <: u8) in serialized) in 
@@ -108,7 +108,7 @@ let serialize_when_gamma1_is_2_pow_19_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 2) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 2) (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values <: t_Slice i32) (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -119,43 +119,43 @@ let serialize_when_gamma1_is_2_pow_19_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ sz 0 ] <: i32) + serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ sz 1 ] <: i32) + serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 5 *! i <: usize) + (mk_usize 5 *! i <: usize) (cast (coefficient0 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 1 <: usize) - (cast (coefficient0 >>! 8l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 1 <: usize) + (cast (coefficient0 >>! mk_i32 8 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 2 <: usize) - (cast (coefficient0 >>! 16l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 2 <: usize) + (cast (coefficient0 >>! mk_i32 16 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 2 <: usize) - ((serialized.[ (sz 5 *! i <: usize) +! sz 2 <: usize ] <: u8) |. - (cast (coefficient1 <>! 4l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 3 <: usize) + (cast (coefficient1 >>! mk_i32 4 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 4 <: usize) - (cast (coefficient1 >>! 12l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 4 <: usize) + (cast (coefficient1 >>! mk_i32 12 <: i32) <: u8) in serialized) in 
@@ -168,8 +168,8 @@ let serialize = let serialized:t_Slice u8 = match cast (gamma1_exponent <: usize) <: u8 with - | 17uy -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized - | 19uy -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized + | Rust_primitives.Integers.MkInt 17 -> serialize_when_gamma1_is_2_pow_17_ simd_unit serialized + | Rust_primitives.Integers.MkInt 19 -> serialize_when_gamma1_is_2_pow_19_ simd_unit serialized | _ -> serialized in serialized @@ -182,12 +182,12 @@ let deserialize_when_gamma1_is_2_pow_17_ if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 18 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 18 <: bool) in () in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 9) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 9) serialized (fun simd_unit temp_1_ -> let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in 
@@ -197,42 +197,42 @@ let deserialize_when_gamma1_is_2_pow_17_ (fun simd_unit temp_1_ -> let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let coefficient0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in let coefficient0:i32 = - coefficient0 |. ((cast (bytes.[ sz 1 ] <: u8) <: i32) <>! 2l in + let coefficient1:i32 = (cast (bytes.[ mk_usize 2 ] <: u8) <: i32) >>! mk_i32 2 in let coefficient1:i32 = - coefficient1 |. ((cast (bytes.[ sz 3 ] <: u8) <: i32) <>! 4l in + let coefficient2:i32 = (cast (bytes.[ mk_usize 4 ] <: u8) <: i32) >>! mk_i32 4 in let coefficient2:i32 = - coefficient2 |. ((cast (bytes.[ sz 5 ] <: u8) <: i32) <>! 6l in + let coefficient3:i32 = (cast (bytes.[ mk_usize 6 ] <: u8) <: i32) >>! mk_i32 6 in let coefficient3:i32 = - coefficient3 |. ((cast (bytes.[ sz 7 ] <: u8) <: i32) < let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in @@ -316,22 +316,22 @@ let deserialize_when_gamma1_is_2_pow_19_ (fun simd_unit temp_1_ -> let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let coefficient0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in let coefficient0:i32 = - coefficient0 |. ((cast (bytes.[ sz 1 ] <: u8) <: i32) <>! 4l in + let coefficient1:i32 = (cast (bytes.[ mk_usize 2 ] <: u8) <: i32) >>! mk_i32 4 in let coefficient1:i32 = - coefficient1 |. ((cast (bytes.[ sz 3 ] <: u8) <: i32) < deserialize_when_gamma1_is_2_pow_17_ serialized out - | 19uy -> deserialize_when_gamma1_is_2_pow_19_ serialized out + | Rust_primitives.Integers.MkInt 17 -> deserialize_when_gamma1_is_2_pow_17_ serialized out + | Rust_primitives.Integers.MkInt 19 -> deserialize_when_gamma1_is_2_pow_19_ serialized out | _ -> out in out 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti index 674b82261..a747b6d7d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti 
@@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1 open Core open FStar.Mul -let serialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = 1l < Prims.l_True) -let serialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = 1l < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = 1l < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = 1l <>! 8l <: i32) <: u8) + (mk_usize 1) + (cast (coefficient0 >>! mk_i32 8 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 1) - ((serialized.[ sz 1 ] <: u8) |. (cast (coefficient1 <>! 3l <: i32) <: u8) + (mk_usize 2) + (cast (coefficient1 >>! mk_i32 3 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 3) - (cast (coefficient1 >>! 11l <: i32) <: u8) + (mk_usize 3) + (cast (coefficient1 >>! mk_i32 11 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 3) - ((serialized.[ sz 3 ] <: u8) |. (cast (coefficient2 <>! 6l <: i32) <: u8) + (mk_usize 4) + (cast (coefficient2 >>! mk_i32 6 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 4) - ((serialized.[ sz 4 ] <: u8) |. (cast (coefficient3 <>! 1l <: i32) <: u8) + (mk_usize 5) + (cast (coefficient3 >>! mk_i32 1 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 6) - (cast (coefficient3 >>! 9l <: i32) <: u8) + (mk_usize 6) + (cast (coefficient3 >>! mk_i32 9 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 6) - ((serialized.[ sz 6 ] <: u8) |. (cast (coefficient4 <>! 4l <: i32) <: u8) + (mk_usize 7) + (cast (coefficient4 >>! 
mk_i32 4 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 8) - (cast (coefficient4 >>! 12l <: i32) <: u8) + (mk_usize 8) + (cast (coefficient4 >>! mk_i32 12 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 8) - ((serialized.[ sz 8 ] <: u8) |. (cast (coefficient5 <>! 7l <: i32) <: u8) + (mk_usize 9) + (cast (coefficient5 >>! mk_i32 7 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 9) - ((serialized.[ sz 9 ] <: u8) |. (cast (coefficient6 <>! 2l <: i32) <: u8) + (mk_usize 10) + (cast (coefficient6 >>! mk_i32 2 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 11) - (cast (coefficient6 >>! 10l <: i32) <: u8) + (mk_usize 11) + (cast (coefficient6 >>! mk_i32 10 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 11) - ((serialized.[ sz 11 ] <: u8) |. (cast (coefficient7 <>! 5l <: i32) <: u8) + (mk_usize 12) + (cast (coefficient7 >>! mk_i32 5 <: i32) <: u8) in serialized 
@@ -152,50 +169,50 @@ let deserialize if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 13 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 13 <: bool) in () in - let byte0:i32 = cast (serialized.[ sz 0 ] <: u8) <: i32 in - let byte1:i32 = cast (serialized.[ sz 1 ] <: u8) <: i32 in - let byte2:i32 = cast (serialized.[ sz 2 ] <: u8) <: i32 in - let byte3:i32 = cast (serialized.[ sz 3 ] <: u8) <: i32 in - let byte4:i32 = cast (serialized.[ sz 4 ] <: u8) <: i32 in - let byte5:i32 = cast (serialized.[ sz 5 ] <: u8) <: i32 in - let byte6:i32 = cast (serialized.[ sz 6 ] <: u8) <: i32 in - let byte7:i32 = cast (serialized.[ sz 7 ] <: u8) <: i32 in - let byte8:i32 = cast (serialized.[ sz 8 ] <: u8) <: i32 in - let byte9:i32 = cast (serialized.[ sz 9 ] <: u8) <: i32 in - let byte10:i32 = cast (serialized.[ sz 10 ] <: u8) <: i32 in - let byte11:i32 = cast (serialized.[ sz 11 ] <: u8) <: i32 in - let byte12:i32 = cast (serialized.[ sz 12 ] <: u8) <: i32 in + let byte0:i32 = cast (serialized.[ mk_usize 0 ] <: u8) <: i32 in + let byte1:i32 = cast (serialized.[ mk_usize 1 ] <: u8) <: i32 in + let byte2:i32 = cast (serialized.[ mk_usize 2 ] <: u8) <: i32 in + let byte3:i32 = cast (serialized.[ mk_usize 3 ] <: u8) <: i32 in + let byte4:i32 = cast (serialized.[ mk_usize 4 ] <: u8) <: i32 in + let byte5:i32 = cast (serialized.[ mk_usize 5 ] <: u8) <: i32 in + let byte6:i32 = cast (serialized.[ mk_usize 6 ] <: u8) <: i32 in + let byte7:i32 = cast (serialized.[ mk_usize 7 ] <: u8) <: i32 in + let byte8:i32 = cast (serialized.[ mk_usize 8 ] <: u8) <: i32 in + let byte9:i32 = cast (serialized.[ mk_usize 9 ] <: u8) <: i32 in + let byte10:i32 = cast (serialized.[ mk_usize 10 ] <: u8) <: i32 in + let byte11:i32 = cast (serialized.[ mk_usize 11 ] <: u8) <: i32 in + let byte12:i32 = cast (serialized.[ mk_usize 12 ] <: u8) <: i32 in let coefficient0:i32 = byte0 in - let coefficient0:i32 = 
coefficient0 |. (byte1 <>! 5l in - let coefficient1:i32 = coefficient1 |. (byte2 <>! mk_i32 5 in + let coefficient1:i32 = coefficient1 |. (byte2 <>! 2l in - let coefficient2:i32 = coefficient2 |. (byte4 <>! mk_i32 2 in + let coefficient2:i32 = coefficient2 |. (byte4 <>! 7l in - let coefficient3:i32 = coefficient3 |. (byte5 <>! mk_i32 7 in + let coefficient3:i32 = coefficient3 |. (byte5 <>! 4l in - let coefficient4:i32 = coefficient4 |. (byte7 <>! mk_i32 4 in + let coefficient4:i32 = coefficient4 |. (byte7 <>! 1l in - let coefficient5:i32 = coefficient5 |. (byte9 <>! mk_i32 1 in + let coefficient5:i32 = coefficient5 |. (byte9 <>! 6l in - let coefficient6:i32 = coefficient6 |. (byte10 <>! mk_i32 6 in + let coefficient6:i32 = coefficient6 |. (byte10 <>! 3l in - let coefficient7:i32 = coefficient7 |. (byte12 <>! mk_i32 3 in + let coefficient7:i32 = coefficient7 |. (byte12 < Prims.l_True) let deserialize__BITS_IN_LOWER_PART_OF_T_MASK: i32 = - (1l < let serialized:t_Slice u8 = serialized in 
@@ -28,37 +28,57 @@ let serialize let i, coefficients:(usize & t_Slice i32) = temp_1_ in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 5 *! i <: usize) - (cast ((coefficients.[ sz 0 ] <: i32) &. 255l <: i32) <: u8) + (mk_usize 5 *! i <: usize) + (cast ((coefficients.[ mk_usize 0 ] <: i32) &. mk_i32 255 <: i32) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 1 <: usize) - (((cast ((coefficients.[ sz 1 ] <: i32) &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 1 <: usize) + (((cast ((coefficients.[ mk_usize 1 ] <: i32) &. mk_i32 63 <: i32) <: u8) <>! mk_i32 8 <: i32) &. mk_i32 3 <: i32 + ) + <: + u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 2 <: usize) - (((cast ((coefficients.[ sz 2 ] <: i32) &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 2 <: usize) + (((cast ((coefficients.[ mk_usize 2 ] <: i32) &. mk_i32 15 <: i32) <: u8) <>! mk_i32 6 <: i32) &. mk_i32 15 + <: + i32) + <: + u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 3 <: usize) - (((cast ((coefficients.[ sz 3 ] <: i32) &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! mk_usize 3 <: usize) + (((cast ((coefficients.[ mk_usize 3 ] <: i32) &. mk_i32 3 <: i32) <: u8) <>! mk_i32 4 <: i32) &. mk_i32 63 + <: + i32) + <: + u8) <: u8) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - ((sz 5 *! i <: usize) +! sz 4 <: usize) - (cast (((coefficients.[ sz 3 ] <: i32) >>! 2l <: i32) &. 255l <: i32) <: u8) + ((mk_usize 5 *! i <: usize) +! 
mk_usize 4 <: usize) + (cast (((coefficients.[ mk_usize 3 ] <: i32) >>! mk_i32 2 <: i32) &. mk_i32 255 <: i32 + ) + <: + u8) in serialized) in @@ -72,13 +92,15 @@ let deserialize if true then let _:Prims.unit = - Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. sz 10 <: bool) + Hax_lib.v_assert ((Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 10 <: bool) in () in - let mask:i32 = (1l < let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in @@ -88,11 +110,11 @@ let deserialize (fun simd_unit temp_1_ -> let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = simd_unit in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let byte0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in - let byte1:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in - let byte2:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in - let byte3:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in - let byte4:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in + let byte0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in + let byte1:i32 = cast (bytes.[ mk_usize 1 ] <: u8) <: i32 in + let byte2:i32 = cast (bytes.[ mk_usize 2 ] <: u8) <: i32 in + let byte3:i32 = cast (bytes.[ mk_usize 3 ] <: u8) <: i32 in + let byte4:i32 = cast (bytes.[ mk_usize 4 ] <: u8) <: i32 in let simd_unit:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = { simd_unit with 
@@ -100,8 +122,8 @@ let deserialize = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4 *! i <: usize) - ((byte0 |. (byte1 <>! 2l <: i32) |. (byte2 <>! mk_i32 2 <: i32) |. (byte2 <>! 4l <: i32) |. (byte3 <>! mk_i32 4 <: i32) |. (byte3 <>! 6l <: i32) |. (byte4 <>! mk_i32 6 <: i32) |. (byte4 < - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let j:usize = j in let rejs:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = Core.Clone.f_clone #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -833,7 +997,7 @@ let outer_3_plus Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract a_minus_b (re.[ j ] <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j (Libcrux_ml_dsa.Simd.Portable.Arithmetic.add (re.[ j ] 
@@ -843,12 +1007,12 @@ let outer_3_plus <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) a_minus_b in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant (re.[ j +! 
@@ -866,173 +1030,177 @@ let outer_3_plus re let invert_ntt_at_layer_3_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 1) 280005l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 1) (mk_i32 280005) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 2) (sz 1) 4010497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 2) (mk_usize 1) (mk_i32 4010497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 1) (-19422l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 1) (mk_i32 (-19422)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 6) (sz 1) 1757237l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 6) (mk_usize 1) (mk_i32 1757237) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 1) (-3277672l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 1) (mk_i32 (-3277672)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 10) (sz 1) (-1399561l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 10) (mk_usize 1) (mk_i32 (-1399561)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = 
- outer_3_plus (sz 12) (sz 1) (-3859737l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 1) (mk_i32 (-3859737)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 14) (sz 1) (-2118186l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 14) (mk_usize 1) (mk_i32 (-2118186)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 1) (-2108549l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 1) (mk_i32 (-2108549)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 18) (sz 1) 2619752l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 18) (mk_usize 1) (mk_i32 2619752) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 1) (-1119584l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 1) (mk_i32 (-1119584)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 22) (sz 1) (-549488l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 22) (mk_usize 1) (mk_i32 (-549488)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 1) 3585928l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 1) (mk_i32 3585928) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 
26) (sz 1) (-1079900l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 26) (mk_usize 1) (mk_i32 (-1079900)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 1) 1024112l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 1) (mk_i32 1024112) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 30) (sz 1) 2725464l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 30) (mk_usize 1) (mk_i32 2725464) re in re let invert_ntt_at_layer_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 2) 2680103l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 2) (mk_i32 2680103) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 2) 3111497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 2) (mk_i32 3111497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 2) (-2884855l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 2) (mk_i32 (-2884855)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 12) (sz 2) 3119733l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + 
outer_3_plus (mk_usize 12) (mk_usize 2) (mk_i32 3119733) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 2) (-2091905l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 2) (mk_i32 (-2091905)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 2) (-359251l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 2) (mk_i32 (-359251)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 2) 2353451l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 2) (mk_i32 2353451) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 2) 1826347l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 2) (mk_i32 1826347) re in re let invert_ntt_at_layer_5_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 4) 466468l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 4) (mk_i32 466468) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 4) (-876248l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 4) (mk_i32 (-876248)) re in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 4) (-777960l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 4) (mk_i32 (-777960)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 4) 237124l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 4) (mk_i32 237124) re in re let invert_ntt_at_layer_6_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 8) (-518909l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 8) (mk_i32 (-518909)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 8) (-2608894l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 8) (mk_i32 (-2608894)) re in re let invert_ntt_at_layer_7_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 16) 25847l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 16) (mk_i32 25847) re in re let invert_ntt_montgomery - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_0_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_4_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_5_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = invert_ntt_at_layer_7_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (re <: t_Slice 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let _:usize = temp_1_ in true) re (fun re i -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re i (Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant (re.[ i ] <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) - 41978l + (mk_i32 41978) <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) <: - t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti index 9e6902a2f..4c2bf975f 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Invntt.fsti 
@@ -31,107 +31,107 @@ val simd_unit_invert_ntt_at_layer_2_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta0 zeta1 zeta2 zeta3: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_0_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_00_ zeta_01_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_1_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta1: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_2_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_3_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_3___STEP: usize = sz 8 +let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = sz 1 +let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 val invert_ntt_at_layer_4_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) 
+ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_4___STEP: usize = sz 16 +let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = sz 2 +let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 val invert_ntt_at_layer_5_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_5___STEP: usize = sz 32 +let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = sz 4 +let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 val invert_ntt_at_layer_6_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_6___STEP: usize = sz 64 +let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = sz 8 +let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 val invert_ntt_at_layer_7_ - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_7___STEP: usize = sz 128 +let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = sz 16 +let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 val invert_ntt_montgomery - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst index e986c9984..9bfc8bed3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fst @@ -9,7 +9,7 @@ let simd_unit_ntt_at_layer_0_ = let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) zeta0 @@ -21,8 +21,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) -! t <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -34,15 +36,17 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! t <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) zeta1 @@ -54,8 +58,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) -! t <: i32) + (mk_usize 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -67,15 +73,17 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) +! t <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) zeta2 
@@ -87,8 +95,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) -! t <: i32) + (mk_usize 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -100,15 +110,17 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) +! t <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) zeta3 @@ -120,8 +132,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) -! t <: i32) + (mk_usize 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -133,8 +147,10 @@ let simd_unit_ntt_at_layer_0_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] <: i32) +! t <: i32) + (mk_usize 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -147,7 +163,7 @@ let simd_unit_ntt_at_layer_1_ = let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) zeta1 @@ -159,8 +175,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) -! t <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -172,15 +190,17 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! t <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) zeta1 
@@ -192,8 +212,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) -! t <: i32) + (mk_usize 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -205,15 +227,17 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) +! t <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) zeta2 @@ -225,8 +249,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) -! t <: i32) + (mk_usize 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -238,15 +264,17 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] <: i32) +! t <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) zeta2 @@ -258,8 +286,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) -! t <: i32) + (mk_usize 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -271,8 +301,10 @@ let simd_unit_ntt_at_layer_1_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] <: i32) +! t <: i32) + (mk_usize 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -285,7 +317,7 @@ let simd_unit_ntt_at_layer_2_ = let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 4 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) zeta 
@@ -297,8 +329,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 4) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) -! t <: i32) + (mk_usize 4) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -310,15 +344,17 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 0) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 0 ] <: i32) +! t <: i32) + (mk_usize 0) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 5 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) zeta @@ -330,8 +366,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 5) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) -! t <: i32) + (mk_usize 5) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -343,15 +381,17 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 1) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 1 ] <: i32) +! t <: i32) + (mk_usize 1) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 6 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) zeta @@ -363,8 +403,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 6) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) -! t <: i32) + (mk_usize 6) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -376,15 +418,17 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 2) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 2 ] <: i32) +! t <: i32) + (mk_usize 2) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients in let t:i32 = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_fe_by_fer (simd_unit - .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 7 ] + .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) zeta 
@@ -396,8 +440,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 7) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) -! t <: i32) + (mk_usize 7) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) -! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -409,8 +455,10 @@ let simd_unit_ntt_at_layer_2_ = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values - (sz 3) - ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ sz 3 ] <: i32) +! t <: i32) + (mk_usize 3) + ((simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) +! t + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -418,11 +466,11 @@ let simd_unit_ntt_at_layer_2_ simd_unit let ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_ntt_at_layer_0_ (re.[ index ] 
@@ -437,111 +485,273 @@ let ntt_at_layer_0___round in re -let ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 0) 2091667l 3407706l 2316500l 3817976l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 1) (-3342478l) 2244091l (-2446433l) (-3562462l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 2) 266997l 2434439l (-1235728l) 3513181l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 3) (-3520352l) (-3759364l) (-1197226l) (-3193378l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 4) 900702l 1859098l 909542l 819034l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 5) 495491l (-1613174l) (-43260l) (-522500l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 6) (-655327l) (-3122442l) 2031748l 3207046l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 7) (-3556995l) (-525098l) (-768622l) (-3595838l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 8) 342297l 286988l (-2437823l) 4108315l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 9) 3437287l (-3342277l) 1735879l 203044l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 10) 2842341l 2691481l (-2590150l) 1265009l - in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 11) 4055324l 1247620l 2486353l 1595974l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 12) (-3767016l) 1250494l 2635921l (-3548272l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 13) (-2994039l) 1869119l 1903435l (-1050970l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 14) (-1333058l) 1237275l (-3318210l) (-1430225l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 15) (-451100l) 1312455l 3306115l (-1962642l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 16) (-1279661l) 1917081l (-2546312l) (-1374803l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 17) 1500165l 777191l 2235880l 3406031l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 18) (-542412l) (-2831860l) (-1671176l) (-1846953l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 19) (-2584293l) (-3724270l) 594136l (-3776993l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 20) (-2013608l) 2432395l 2454455l (-164721l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 21) 1957272l 3369112l 185531l (-1207385l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 22) (-3183426l) 162844l 1616392l 3014001l - in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 23) 810149l 1652634l (-3694233l) (-1799107l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 24) (-3038916l) 3523897l 3866901l 269760l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 25) 2213111l (-975884l) 1717735l 472078l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 26) (-426683l) 1723600l (-1803090l) 1910376l - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 27) (-1667432l) (-1104333l) (-260646l) (-3833893l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 28) (-2939036l) (-2235985l) (-420899l) (-2286327l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 29) 183443l (-976891l) 1612842l (-3545687l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 30) (-554416l) 3919660l (-48306l) (-1362209l) - in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_0___round re (sz 31) 3937738l 1400424l (-846154l) 1976782l +let ntt_at_layer_0_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 0) + (mk_i32 2091667) + (mk_i32 3407706) + (mk_i32 2316500) + (mk_i32 3817976) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 1) + (mk_i32 (-3342478)) + (mk_i32 2244091) + (mk_i32 (-2446433)) + (mk_i32 
(-3562462)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 2) + (mk_i32 266997) + (mk_i32 2434439) + (mk_i32 (-1235728)) + (mk_i32 3513181) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 3) + (mk_i32 (-3520352)) + (mk_i32 (-3759364)) + (mk_i32 (-1197226)) + (mk_i32 (-3193378)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 4) + (mk_i32 900702) + (mk_i32 1859098) + (mk_i32 909542) + (mk_i32 819034) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 5) + (mk_i32 495491) + (mk_i32 (-1613174)) + (mk_i32 (-43260)) + (mk_i32 (-522500)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 6) + (mk_i32 (-655327)) + (mk_i32 (-3122442)) + (mk_i32 2031748) + (mk_i32 3207046) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 7) + (mk_i32 (-3556995)) + (mk_i32 (-525098)) + (mk_i32 (-768622)) + (mk_i32 (-3595838)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 8) + (mk_i32 342297) + (mk_i32 286988) + (mk_i32 (-2437823)) + (mk_i32 4108315) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 9) + (mk_i32 3437287) + (mk_i32 (-3342277)) + (mk_i32 1735879) + (mk_i32 203044) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 10) + (mk_i32 2842341) + (mk_i32 2691481) + (mk_i32 (-2590150)) + (mk_i32 1265009) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 11) + (mk_i32 4055324) + (mk_i32 1247620) + (mk_i32 2486353) + (mk_i32 1595974) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 12) + (mk_i32 (-3767016)) + (mk_i32 1250494) + (mk_i32 2635921) + (mk_i32 (-3548272)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 13) + (mk_i32 (-2994039)) + (mk_i32 1869119) + (mk_i32 1903435) + (mk_i32 (-1050970)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 14) + (mk_i32 (-1333058)) + (mk_i32 1237275) + (mk_i32 (-3318210)) + (mk_i32 (-1430225)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 15) + (mk_i32 (-451100)) + (mk_i32 1312455) + (mk_i32 3306115) + (mk_i32 (-1962642)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 16) + (mk_i32 (-1279661)) + (mk_i32 1917081) + (mk_i32 (-2546312)) + (mk_i32 (-1374803)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 17) + (mk_i32 1500165) + (mk_i32 777191) + (mk_i32 2235880) + (mk_i32 3406031) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 18) + (mk_i32 (-542412)) + (mk_i32 (-2831860)) + (mk_i32 (-1671176)) + (mk_i32 (-1846953)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 19) + (mk_i32 (-2584293)) + (mk_i32 (-3724270)) + (mk_i32 594136) + (mk_i32 (-3776993)) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 20) + (mk_i32 (-2013608)) + (mk_i32 2432395) + (mk_i32 2454455) + (mk_i32 (-164721)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 21) + (mk_i32 1957272) + (mk_i32 3369112) + (mk_i32 185531) + (mk_i32 (-1207385)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 22) + (mk_i32 (-3183426)) + (mk_i32 162844) + (mk_i32 1616392) + (mk_i32 3014001) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 23) + (mk_i32 810149) + (mk_i32 1652634) + (mk_i32 (-3694233)) + (mk_i32 (-1799107)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 24) + (mk_i32 (-3038916)) + (mk_i32 3523897) + (mk_i32 3866901) + (mk_i32 269760) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 25) + (mk_i32 2213111) + (mk_i32 (-975884)) + (mk_i32 1717735) + (mk_i32 472078) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 26) + (mk_i32 (-426683)) + (mk_i32 1723600) + (mk_i32 (-1803090)) + (mk_i32 1910376) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 27) + (mk_i32 (-1667432)) + (mk_i32 (-1104333)) + (mk_i32 (-260646)) + (mk_i32 (-3833893)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 28) + (mk_i32 (-2939036)) + (mk_i32 (-2235985)) + (mk_i32 (-420899)) + (mk_i32 (-2286327)) + in + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 29) + (mk_i32 183443) + (mk_i32 (-976891)) + (mk_i32 1612842) + (mk_i32 (-3545687)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 30) + (mk_i32 (-554416)) + (mk_i32 3919660) + (mk_i32 (-48306)) + (mk_i32 (-1362209)) + in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_0___round re + (mk_usize 31) + (mk_i32 3937738) + (mk_i32 1400424) + (mk_i32 (-846154)) + (mk_i32 1976782) in re let ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_ntt_at_layer_1_ (re.[ index ] 
@@ -554,111 +764,113 @@ let ntt_at_layer_1___round in re -let ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 0) (-3930395l) (-1528703l) +let ntt_at_layer_1_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 0) (mk_i32 (-3930395)) (mk_i32 (-1528703)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 1) (-3677745l) (-3041255l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 1) (mk_i32 (-3677745)) (mk_i32 (-3041255)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 2) (-1452451l) 3475950l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 2) (mk_i32 (-1452451)) (mk_i32 3475950) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 3) 2176455l (-1585221l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 3) (mk_i32 2176455) (mk_i32 (-1585221)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 4) (-1257611l) 1939314l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 4) (mk_i32 (-1257611)) (mk_i32 1939314) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 5) (-4083598l) (-1000202l) + let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 5) (mk_i32 (-4083598)) (mk_i32 (-1000202)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 6) (-3190144l) (-3157330l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 6) (mk_i32 (-3190144)) (mk_i32 (-3157330)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 7) (-3632928l) 126922l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 7) (mk_i32 (-3632928)) (mk_i32 126922) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 8) 3412210l (-983419l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 8) (mk_i32 3412210) (mk_i32 (-983419)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 9) 2147896l 2715295l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 9) (mk_i32 2147896) (mk_i32 2715295) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 10) (-2967645l) (-3693493l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 10) (mk_i32 (-2967645)) (mk_i32 (-3693493)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 11) (-411027l) (-2477047l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 11) (mk_i32 (-411027)) 
(mk_i32 (-2477047)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 12) (-671102l) (-1228525l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 12) (mk_i32 (-671102)) (mk_i32 (-1228525)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 13) (-22981l) (-1308169l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 13) (mk_i32 (-22981)) (mk_i32 (-1308169)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 14) (-381987l) 1349076l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 14) (mk_i32 (-381987)) (mk_i32 1349076) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 15) 1852771l (-1430430l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 15) (mk_i32 1852771) (mk_i32 (-1430430)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 16) (-3343383l) 264944l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 16) (mk_i32 (-3343383)) (mk_i32 264944) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 17) 508951l 3097992l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 17) (mk_i32 508951) (mk_i32 3097992) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 
18) 44288l (-1100098l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 18) (mk_i32 44288) (mk_i32 (-1100098)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 19) 904516l 3958618l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 19) (mk_i32 904516) (mk_i32 3958618) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 20) (-3724342l) (-8578l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 20) (mk_i32 (-3724342)) (mk_i32 (-8578)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 21) 1653064l (-3249728l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 21) (mk_i32 1653064) (mk_i32 (-3249728)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 22) 2389356l (-210977l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 22) (mk_i32 2389356) (mk_i32 (-210977)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 23) 759969l (-1316856l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 23) (mk_i32 759969) (mk_i32 (-1316856)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 24) 189548l (-3553272l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re 
(mk_usize 24) (mk_i32 189548) (mk_i32 (-3553272)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 25) 3159746l (-1851402l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 25) (mk_i32 3159746) (mk_i32 (-1851402)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 26) (-2409325l) (-177440l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 26) (mk_i32 (-2409325)) (mk_i32 (-177440)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 27) 1315589l 1341330l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 27) (mk_i32 1315589) (mk_i32 1341330) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 28) 1285669l (-1584928l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 28) (mk_i32 1285669) (mk_i32 (-1584928)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 29) (-812732l) (-1439742l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 29) (mk_i32 (-812732)) (mk_i32 (-1439742)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_1___round re (sz 30) (-3019102l) (-3881060l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 30) (mk_i32 (-3019102)) (mk_i32 (-3881060)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
(sz 32) = - ntt_at_layer_1___round re (sz 31) (-3628969l) 3839961l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_1___round re (mk_usize 31) (mk_i32 (-3628969)) (mk_i32 3839961) in re let ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta: i32) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re index (simd_unit_ntt_at_layer_2_ (re.[ index ] 
@@ -670,120 +882,126 @@ let ntt_at_layer_2___round in re -let ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 0) 2706023l +let ntt_at_layer_2_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 0) (mk_i32 2706023) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 1) 95776l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 1) (mk_i32 95776) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 2) 3077325l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 2) (mk_i32 3077325) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 3) 3530437l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 3) (mk_i32 3530437) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 4) (-1661693l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 4) (mk_i32 (-1661693)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 5) (-3592148l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 5) (mk_i32 (-3592148)) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 6) (-2537516l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 6) (mk_i32 (-2537516)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 7) 3915439l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 7) (mk_i32 3915439) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 8) (-3861115l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 8) (mk_i32 (-3861115)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 9) (-3043716l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 9) (mk_i32 (-3043716)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 10) 3574422l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 10) (mk_i32 3574422) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 11) (-2867647l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 11) (mk_i32 (-2867647)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 12) 3539968l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 12) (mk_i32 3539968) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 13) (-300467l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 13) (mk_i32 (-300467)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 14) 2348700l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 14) (mk_i32 2348700) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 15) (-539299l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 15) (mk_i32 (-539299)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 16) (-1699267l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 16) (mk_i32 (-1699267)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 17) (-1643818l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 17) (mk_i32 (-1643818)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 18) 3505694l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 18) (mk_i32 3505694) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 19) (-3821735l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 19) (mk_i32 (-3821735)) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 20) 3507263l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 20) (mk_i32 3507263) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 21) (-2140649l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 21) (mk_i32 (-2140649)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 22) (-1600420l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 22) (mk_i32 (-1600420)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 23) 3699596l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 23) (mk_i32 3699596) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 24) 811944l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 24) (mk_i32 811944) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 25) 531354l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 25) (mk_i32 531354) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 26) 954230l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 26) (mk_i32 954230) in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 27) 3881043l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 27) (mk_i32 3881043) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 28) 3900724l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 28) (mk_i32 3900724) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 29) (-2556880l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 29) (mk_i32 (-2556880)) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 30) 2071892l + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 30) (mk_i32 2071892) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - ntt_at_layer_2___round re (sz 31) (-2797779l) + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + ntt_at_layer_2___round re (mk_usize 31) (mk_i32 (-2797779)) in re let outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Folds.fold_range v_OFFSET (v_OFFSET +! 
v_STEP_BY <: usize) (fun re temp_1_ -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let _:usize = temp_1_ in true) re (fun re j -> - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = re in + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + re + in let j:usize = j in let tmp:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = re.[ j +! v_STEP_BY <: usize ] @@ -791,12 +1009,12 @@ let outer_3_plus let tmp:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = Libcrux_ml_dsa.Simd.Portable.Arithmetic.montgomery_multiply_by_constant tmp v_ZETA in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) (re.[ j ] <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re (j +! v_STEP_BY <: usize) (Libcrux_ml_dsa.Simd.Portable.Arithmetic.subtract (re.[ j +! v_STEP_BY <: usize ] @@ -806,7 +1024,7 @@ let outer_3_plus <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re j (Libcrux_ml_dsa.Simd.Portable.Arithmetic.add (re.[ j ] 
@@ -820,137 +1038,147 @@ let outer_3_plus in re -let ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 1) 2725464l re +let ntt_at_layer_3_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 1) (mk_i32 2725464) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 2) (sz 1) 1024112l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 2) (mk_usize 1) (mk_i32 1024112) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 1) (-1079900l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 1) (mk_i32 (-1079900)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 6) (sz 1) 3585928l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 6) (mk_usize 1) (mk_i32 3585928) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 1) (-549488l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 1) (mk_i32 (-549488)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 10) (sz 1) (-1119584l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 10) (mk_usize 1) (mk_i32 (-1119584)) re in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 12) (sz 1) 2619752l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 1) (mk_i32 2619752) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 14) (sz 1) (-2108549l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 14) (mk_usize 1) (mk_i32 (-2108549)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 1) (-2118186l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 1) (mk_i32 (-2118186)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 18) (sz 1) (-3859737l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 18) (mk_usize 1) (mk_i32 (-3859737)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 1) (-1399561l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 1) (mk_i32 (-1399561)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 22) (sz 1) (-3277672l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 22) (mk_usize 1) (mk_i32 (-3277672)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 1) 1757237l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 1) (mk_i32 1757237) re in - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 26) (sz 1) (-19422l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 26) (mk_usize 1) (mk_i32 (-19422)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 1) 4010497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 1) (mk_i32 4010497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 30) (sz 1) 280005l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 30) (mk_usize 1) (mk_i32 280005) re in re -let ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 2) 1826347l re +let ntt_at_layer_4_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 2) (mk_i32 1826347) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 4) (sz 2) 2353451l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 4) (mk_usize 2) (mk_i32 2353451) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 2) (-359251l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 8) (mk_usize 2) (mk_i32 (-359251)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 12) (sz 2) (-2091905l) re + 
let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 12) (mk_usize 2) (mk_i32 (-2091905)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 2) 3119733l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 2) (mk_i32 3119733) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 20) (sz 2) (-2884855l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 20) (mk_usize 2) (mk_i32 (-2884855)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 2) 3111497l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 2) (mk_i32 3111497) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 28) (sz 2) 2680103l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 28) (mk_usize 2) (mk_i32 2680103) re in re -let ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 4) 237124l re +let ntt_at_layer_5_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 4) (mk_i32 237124) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 8) (sz 4) (-777960l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus 
(mk_usize 8) (mk_usize 4) (mk_i32 (-777960)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 4) (-876248l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 4) (mk_i32 (-876248)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 24) (sz 4) 466468l re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 24) (mk_usize 4) (mk_i32 466468) re in re -let ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 8) (-2608894l) re +let ntt_at_layer_6_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 8) (mk_i32 (-2608894)) re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 16) (sz 8) (-518909l) re + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 16) (mk_usize 8) (mk_i32 (-518909)) re in re -let ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = - outer_3_plus (sz 0) (sz 16) 25847l re +let ntt_at_layer_7_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = + outer_3_plus (mk_usize 0) (mk_usize 16) (mk_i32 25847) re in re -let ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) = - let re:t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = +let ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_7_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_6_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_5_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_4_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_3_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_2_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_1_ re in - let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + let re:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = ntt_at_layer_0_ re in re diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti index ba6b220e3..b785cd915 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti 
@@ -25,98 +25,106 @@ val simd_unit_ntt_at_layer_2_ (fun _ -> Prims.l_True) val ntt_at_layer_0___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_ zeta_2_ zeta_3_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_0_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_0_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val ntt_at_layer_1___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta_0_ zeta_1_: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_1_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_1_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val ntt_at_layer_2___round - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) (index: usize) (zeta: i32) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_2_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_2_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) val outer_3_plus (v_OFFSET v_STEP_BY: usize) (v_ZETA: i32) - (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -val ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_3_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_3___STEP: usize = sz 8 +let ntt_at_layer_3___STEP: usize = mk_usize 8 -let ntt_at_layer_3___STEP_BY: usize = sz 1 +let ntt_at_layer_3___STEP_BY: usize = mk_usize 1 -val ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val 
ntt_at_layer_4_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_4___STEP: usize = sz 16 +let ntt_at_layer_4___STEP: usize = mk_usize 16 -let ntt_at_layer_4___STEP_BY: usize = sz 2 +let ntt_at_layer_4___STEP_BY: usize = mk_usize 2 -val ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_5_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_5___STEP: usize = sz 32 +let ntt_at_layer_5___STEP: usize = mk_usize 32 -let ntt_at_layer_5___STEP_BY: usize = sz 4 +let ntt_at_layer_5___STEP_BY: usize = mk_usize 4 -val ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_6_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_6___STEP: usize = sz 64 +let ntt_at_layer_6___STEP: usize = mk_usize 64 -let ntt_at_layer_6___STEP_BY: usize = sz 8 +let ntt_at_layer_6___STEP_BY: usize = mk_usize 8 -val ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt_at_layer_7_ + (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array 
Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_7___STEP: usize = sz 128 +let ntt_at_layer_7___STEP: usize = mk_usize 128 -let ntt_at_layer_7___STEP_BY: usize = sz 16 +let ntt_at_layer_7___STEP_BY: usize = mk_usize 16 -val ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) +val ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst index 5eaf95b8b..2ed08361a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Sample.fst 
@@ -4,30 +4,33 @@ open Core open FStar.Mul let rejection_sample_less_than_field_modulus (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (mk_usize 3) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Slice.Iter.t_ChunksExact u8) (out, sampled <: (t_Slice i32 & usize)) (fun temp_0_ bytes -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let bytes:t_Slice u8 = bytes in - let b0:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in - let b1:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in - let b2:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in + let b0:i32 = cast (bytes.[ mk_usize 0 ] <: u8) <: i32 in + let b1:i32 = cast (bytes.[ mk_usize 1 ] <: u8) <: i32 in + let b2:i32 = cast (bytes.[ mk_usize 2 ] <: u8) <: i32 in let coefficient:i32 = - (((b2 < let out, sampled:(t_Slice i32 & usize) = temp_0_ in let byte:u8 = byte in - let try_0_:u8 = byte &. 15uy in - let try_1_:u8 = byte >>! 4l in + let try_0_:u8 = byte &. mk_u8 15 in + let try_1_:u8 = byte >>! mk_i32 4 in let out, sampled:(t_Slice i32 & usize) = - if try_0_ <. 15uy + if try_0_ <. mk_u8 15 then let try_0_:i32 = cast (try_0_ <: u8) <: i32 in let try_0_mod_5_:i32 = - try_0_ -! (((try_0_ *! 26l <: i32) >>! 7l <: i32) *! 5l <: i32) + try_0_ -! (((try_0_ *! mk_i32 26 <: i32) >>! mk_i32 7 <: i32) *! mk_i32 5 <: i32) in let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (2l -! try_0_mod_5_ <: i32) + (mk_i32 2 -! try_0_mod_5_ <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! 
mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize) in - if try_1_ <. 15uy + if try_1_ <. mk_u8 15 then let try_1_:i32 = cast (try_1_ <: u8) <: i32 in let try_1_mod_5_:i32 = - try_1_ -! (((try_1_ *! 26l <: i32) >>! 7l <: i32) *! 5l <: i32) + try_1_ -! (((try_1_ *! mk_i32 26 <: i32) >>! mk_i32 7 <: i32) *! mk_i32 5 <: i32) in let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (2l -! try_1_mod_5_ <: i32) + (mk_i32 2 -! try_1_mod_5_ <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize)) in @@ -84,7 +87,7 @@ let rejection_sample_less_than_eta_equals_2_ (randomness: t_Slice u8) (out: t_Sl out, hax_temp_output <: (t_Slice i32 & usize) let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Slice i32) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let out, sampled:(t_Slice i32 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Iter u8) 
@@ -96,28 +99,28 @@ let rejection_sample_less_than_eta_equals_4_ (randomness: t_Slice u8) (out: t_Sl (fun temp_0_ byte -> let out, sampled:(t_Slice i32 & usize) = temp_0_ in let byte:u8 = byte in - let try_0_:u8 = byte &. 15uy in - let try_1_:u8 = byte >>! 4l in + let try_0_:u8 = byte &. mk_u8 15 in + let try_1_:u8 = byte >>! mk_i32 4 in let out, sampled:(t_Slice i32 & usize) = - if try_0_ <. 9uy + if try_0_ <. mk_u8 9 then let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (4l -! (cast (try_0_ <: u8) <: i32) <: i32) + (mk_i32 4 -! (cast (try_0_ <: u8) <: i32) <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize) in - if try_1_ <. 9uy + if try_1_ <. mk_u8 9 then let out:t_Slice i32 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out sampled - (4l -! (cast (try_1_ <: u8) <: i32) <: i32) + (mk_i32 4 -! (cast (try_1_ <: u8) <: i32) <: i32) in - let sampled:usize = sampled +! sz 1 in + let sampled:usize = sampled +! mk_usize 1 in out, sampled <: (t_Slice i32 & usize) else out, sampled <: (t_Slice i32 & usize)) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst index 8ef8d81cb..81ecf0380 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fst 
@@ -15,7 +15,8 @@ val impl_1': Core.Marker.t_Copy t_Coefficients let impl_1 = impl_1' -let zero (_: Prims.unit) = { f_values = Rust_primitives.Hax.repeat 0l (sz 8) } <: t_Coefficients +let zero (_: Prims.unit) = + { f_values = Rust_primitives.Hax.repeat (mk_i32 0) (mk_usize 8) } <: t_Coefficients let from_coefficient_array (array: t_Slice i32) (out: t_Coefficients) = let out:t_Coefficients = @@ -26,7 +27,7 @@ let from_coefficient_array (array: t_Slice i32) (out: t_Coefficients) = Core.Slice.impl__copy_from_slice #i32 out.f_values (array.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT } <: diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti index 9084fe638..3f103eaac 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Vector_type.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Portable.Vector_type open Core open FStar.Mul -type t_Coefficients = { f_values:t_Array i32 (sz 8) } +type t_Coefficients = { f_values:t_Array i32 (mk_usize 8) } [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Core.Clone.t_Clone t_Coefficients diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst index fb0e68113..c58120ff8 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst 
@@ -563,37 +563,46 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = out); f_ntt_pre = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) -> + (fun + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> true); f_ntt_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) -> true); f_ntt = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + (fun + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) + = Libcrux_ml_dsa.Simd.Portable.Ntt.ntt simd_units in simd_units); f_invert_ntt_montgomery_pre = - (fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) -> + (fun + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> true); f_invert_ntt_montgomery_post = (fun - (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) - (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + (out: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) -> true); f_invert_ntt_montgomery = - fun (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32)) -> - let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (sz 32) = + 
fun + (simd_units: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) + -> + let simd_units:t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32) = Libcrux_ml_dsa.Simd.Portable.Invntt.invert_ntt_montgomery simd_units in simd_units diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti index de175f072..0257fe6e4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti @@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Traits open Core open FStar.Mul -let v_COEFFICIENTS_IN_SIMD_UNIT: usize = sz 8 +let v_COEFFICIENTS_IN_SIMD_UNIT: usize = mk_usize 8 let v_SIMD_UNITS_IN_RING_ELEMENT: usize = Libcrux_ml_dsa.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! v_COEFFICIENTS_IN_SIMD_UNIT -let v_FIELD_MODULUS: i32 = 8380417l +let v_FIELD_MODULUS: i32 = mk_i32 8380417 -let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u64 = 58728449uL +let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u64 = mk_u64 58728449 class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_13011033735201511749:Core.Marker.t_Copy v_Self; 
@@ -154,14 +154,14 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_t1_deserialize_pre x0 x1) (fun result -> f_t1_deserialize_post x0 x1 result); - f_ntt_pre:t_Array v_Self (sz 32) -> Type0; - f_ntt_post:t_Array v_Self (sz 32) -> t_Array v_Self (sz 32) -> Type0; - f_ntt:x0: t_Array v_Self (sz 32) - -> Prims.Pure (t_Array v_Self (sz 32)) (f_ntt_pre x0) (fun result -> f_ntt_post x0 result); - f_invert_ntt_montgomery_pre:t_Array v_Self (sz 32) -> Type0; - f_invert_ntt_montgomery_post:t_Array v_Self (sz 32) -> t_Array v_Self (sz 32) -> Type0; - f_invert_ntt_montgomery:x0: t_Array v_Self (sz 32) - -> Prims.Pure (t_Array v_Self (sz 32)) + f_ntt_pre:t_Array v_Self (mk_usize 32) -> Type0; + f_ntt_post:t_Array v_Self (mk_usize 32) -> t_Array v_Self (mk_usize 32) -> Type0; + f_ntt:x0: t_Array v_Self (mk_usize 32) + -> Prims.Pure (t_Array v_Self (mk_usize 32)) (f_ntt_pre x0) (fun result -> f_ntt_post x0 result); + f_invert_ntt_montgomery_pre:t_Array v_Self (mk_usize 32) -> Type0; + f_invert_ntt_montgomery_post:t_Array v_Self (mk_usize 32) -> t_Array v_Self (mk_usize 32) -> Type0; + f_invert_ntt_montgomery:x0: t_Array v_Self (mk_usize 32) + -> Prims.Pure (t_Array v_Self (mk_usize 32)) (f_invert_ntt_montgomery_pre x0) (fun result -> f_invert_ntt_montgomery_post x0 result) } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst index 41c19ffa2..a83cbc627 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Types.fst 
@@ -10,7 +10,7 @@ val impl_1': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSASigningKey v_SIZE) let impl_1 (v_SIZE: usize) = impl_1' v_SIZE let impl__zero (v_SIZE: usize) (_: Prims.unit) = - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MLDSASigningKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MLDSASigningKey v_SIZE let impl__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) = { f_value = value } <: t_MLDSASigningKey v_SIZE @@ -28,7 +28,7 @@ val impl_3': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSAVerificationKey v_SIZE) let impl_3 (v_SIZE: usize) = impl_3' v_SIZE let impl_2__zero (v_SIZE: usize) (_: Prims.unit) = - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MLDSAVerificationKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MLDSAVerificationKey v_SIZE let impl_2__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) = { f_value = value } <: t_MLDSAVerificationKey v_SIZE @@ -47,7 +47,7 @@ val impl_5': v_SIZE: usize -> Core.Clone.t_Clone (t_MLDSASignature v_SIZE) let impl_5 (v_SIZE: usize) = impl_5' v_SIZE let impl_4__zero (v_SIZE: usize) (_: Prims.unit) = - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MLDSASignature v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MLDSASignature v_SIZE let impl_4__new (v_SIZE: usize) (value: t_Array u8 v_SIZE) = { f_value = value } <: t_MLDSASignature v_SIZE 
@@ -60,10 +60,10 @@ let impl_4__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE let t_VerificationError_cast_to_repr (x: t_VerificationError) = match x <: t_VerificationError with - | VerificationError_MalformedHintError -> isz 0 - | VerificationError_SignerResponseExceedsBoundError -> isz 1 - | VerificationError_CommitmentHashesDontMatchError -> isz 3 - | VerificationError_VerificationContextTooLongError -> isz 6 + | VerificationError_MalformedHintError -> mk_isize 0 + | VerificationError_SignerResponseExceedsBoundError -> mk_isize 1 + | VerificationError_CommitmentHashesDontMatchError -> mk_isize 3 + | VerificationError_VerificationContextTooLongError -> mk_isize 6 [@@ FStar.Tactics.Typeclasses.tcinstance] assume @@ -73,8 +73,8 @@ let impl_6 = impl_6' let t_SigningError_cast_to_repr (x: t_SigningError) = match x <: t_SigningError with - | SigningError_RejectionSamplingError -> isz 0 - | SigningError_ContextTooLongError -> isz 1 + | SigningError_RejectionSamplingError -> mk_isize 0 + | SigningError_ContextTooLongError -> mk_isize 1 [@@ FStar.Tactics.Typeclasses.tcinstance] assume diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 42821ab3c..68f209579 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -7,9 +7,11 @@ let inz (value: u8) = let v__orig_value:u8 = value in let value:u16 = cast (value <: u8) <: u16 in let result:u8 = - cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) <: u8 + cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! mk_i32 8 <: u16) + <: + u8 in - let res:u8 = result &. 1uy in + let res:u8 = result &. mk_u8 1 in let _:Prims.unit = if v v__orig_value = 0 then 
@@ -48,9 +50,9 @@ let inz (value: u8) = let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = - let (r: u8):u8 = 0uy in + let (r: u8):u8 = mk_u8 0 in let r:u8 = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #u8 lhs <: usize) (fun r i -> let r:u8 = r in @@ -105,18 +107,18 @@ let compare (lhs rhs: t_Slice u8) = #push-options "--ifuel 0 --z3rlimit 50" let select_ct (lhs rhs: t_Slice u8) (selector: u8) = - let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in + let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) (mk_u8 1) in let _:Prims.unit = assert (if selector = (mk_u8 0) then mask = ones else mask = zero); lognot_lemma mask; assert (if selector = (mk_u8 0) then ~.mask = zero else ~.mask = ones) in - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let out:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE (fun out i -> - let out:t_Array u8 (sz 32) = out in + let out:t_Array u8 (mk_usize 32) = out in let i:usize = i in v i <= v Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE /\ (forall j. @@ -127,7 +129,7 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = (forall j. j >= v i ==> Seq.index out j == (mk_u8 0))) out (fun out i -> - let out:t_Array u8 (sz 32) = out in + let out:t_Array u8 (mk_usize 32) = out in let i:usize = i in let _:Prims.unit = assert ((out.[ i ] <: u8) = (mk_u8 0)) in let outi:u8 = 
@@ -178,7 +180,7 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = (rhs.[ i ] <: u8)); assert (outi = (rhs.[ i ] <: u8))) in - let out:t_Array u8 (sz 32) = + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i outi in out) @@ -192,7 +194,8 @@ let compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) = Core.Hint.black_box #u8 (compare lhs rhs <: u8) let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = - Core.Hint.black_box #(t_Array u8 (sz 32)) (select_ct lhs rhs selector <: t_Array u8 (sz 32)) + Core.Hint.black_box #(t_Array u8 (mk_usize 32)) + (select_ct lhs rhs selector <: t_Array u8 (mk_usize 32)) let compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) = let selector:u8 = compare_ciphertexts_in_constant_time lhs_c rhs_c in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 0e42ddf6c..21783ed00 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -35,13 +35,13 @@ val compare (lhs rhs: t_Slice u8) /// If `selector` is not zero, return the bytes in `rhs`; return the bytes in /// `lhs` otherwise. val select_ct (lhs rhs: t_Slice u8) (selector: u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in (selector == (mk_u8 0) ==> result == lhs) /\ (selector =!= (mk_u8 0) ==> result == rhs)) val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) 
@@ -53,24 +53,24 @@ val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) (lhs == rhs ==> result == (mk_u8 0)) /\ (lhs =!= rhs ==> result == (mk_u8 1))) val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in (selector == (mk_u8 0) ==> result == lhs) /\ (selector =!= (mk_u8 0) ==> result == rhs)) val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires (Core.Slice.impl__len #u8 lhs_c <: usize) =. (Core.Slice.impl__len #u8 rhs_c <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. (Core.Slice.impl__len #u8 rhs_s <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in let selector = if lhs_c =. rhs_c then (mk_u8 0) else (mk_u8 1) in ((selector == (mk_u8 0) ==> result == lhs_s) /\ (selector =!= (mk_u8 0) ==> result == rhs_s))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index e50920433..b8756c1b4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti 
@@ -4,24 +4,24 @@ open Core open FStar.Mul /// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent -let v_BITS_PER_COEFFICIENT: usize = sz 12 +let v_BITS_PER_COEFFICIENT: usize = mk_usize 12 /// Coefficients per ring element -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = mk_usize 256 /// Bits required per (uncompressed) ring element -let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 +let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! mk_usize 12 /// Bytes required per (uncompressed) ring element -let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! sz 8 +let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! mk_usize 8 /// The size of an ML-KEM shared secret. -let v_SHARED_SECRET_SIZE: usize = sz 32 +let v_SHARED_SECRET_SIZE: usize = mk_usize 32 -let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 +let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = mk_usize 32 /// SHA3 256 digest size -let v_H_DIGEST_SIZE: usize = sz 32 +let v_H_DIGEST_SIZE: usize = mk_usize 32 /// SHA3 512 digest size -let v_G_DIGEST_SIZE: usize = sz 64 +let v_G_DIGEST_SIZE: usize = mk_usize 64 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst index b35c46a25..506713817 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fst 
@@ -10,22 +10,22 @@ let t_Simd256Hash = t_Simd256Hash' assume val v_G': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) let v_G = v_G' assume val v_H': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) let v_H = v_H' @@ -42,7 +42,7 @@ val v_PRF': v_LEN: usize -> input: t_Slice u8 let v_PRF (v_LEN: usize) = v_PRF' v_LEN assume -val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K +val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures @@ -53,14 +53,14 @@ val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) let v_PRFxN (v_K v_LEN: usize) = v_PRFxN' v_K v_LEN assume -val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (sz 34)) v_K +val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure t_Simd256Hash Prims.l_True (fun _ -> Prims.l_True) let shake128_init_absorb_final (v_K: usize) = shake128_init_absorb_final' v_K assume val shake128_squeeze_first_three_blocks': v_K: usize -> st: t_Simd256Hash - -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) 
@@ -68,7 +68,7 @@ let shake128_squeeze_first_three_blocks (v_K: usize) = shake128_squeeze_first_th assume val shake128_squeeze_next_block': v_K: usize -> st: t_Simd256Hash - -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index d57a03f50..f4a19ebf3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -9,19 +9,19 @@ open FStar.Mul val t_Simd256Hash:eqtype val v_G (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) val v_H (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) @@ -32,7 +32,7 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8) let result:t_Array u8 v_LEN = result in result == Spec.Utils.v_PRF v_LEN input) -val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) +val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (mk_usize 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures 
@@ -40,16 +40,16 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) let result:t_Array (t_Array u8 v_LEN) v_K = result in result == Spec.Utils.v_PRFxN v_K v_LEN input) -val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure t_Simd256Hash Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_Simd256Hash) - : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) + : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_next_block (v_K: usize) (st: t_Simd256Hash) - : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) + : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst index 71d96ffcd..6cc8b82cc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fst @@ -10,22 +10,22 @@ let t_Simd128Hash = t_Simd128Hash' assume val v_G': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) let v_G = v_G' assume val v_H': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) let v_H = v_H' 
@@ -42,7 +42,7 @@ val v_PRF': v_LEN: usize -> input: t_Slice u8 let v_PRF (v_LEN: usize) = v_PRF' v_LEN assume -val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K +val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures @@ -53,14 +53,14 @@ val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) let v_PRFxN (v_K v_LEN: usize) = v_PRFxN' v_K v_LEN assume -val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (sz 34)) v_K +val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure t_Simd128Hash Prims.l_True (fun _ -> Prims.l_True) let shake128_init_absorb_final (v_K: usize) = shake128_init_absorb_final' v_K assume val shake128_squeeze_first_three_blocks': v_K: usize -> st: t_Simd128Hash - -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -68,7 +68,7 @@ let shake128_squeeze_first_three_blocks (v_K: usize) = shake128_squeeze_first_th assume val shake128_squeeze_next_block': v_K: usize -> st: t_Simd128Hash - -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index 31ac2d75f..753acdf7d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti 
@@ -9,19 +9,19 @@ open FStar.Mul val t_Simd128Hash:eqtype val v_G (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) val v_H (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) @@ -32,7 +32,7 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8) let result:t_Array u8 v_LEN = result in result == Spec.Utils.v_PRF v_LEN input) -val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) +val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (mk_usize 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures @@ -40,16 +40,16 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) let result:t_Array (t_Array u8 v_LEN) v_K = result in result == Spec.Utils.v_PRFxN v_K v_LEN input) -val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure t_Simd128Hash Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_Simd128Hash) - : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) + : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_next_block (v_K: usize) (st: t_Simd128Hash) - : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) + : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst index 688ad2278..e99c2bf48 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fst @@ -10,22 +10,22 @@ let t_PortableHash (v_K: usize) = t_PortableHash' v_K assume val v_G': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) let v_G = v_G' assume val v_H': input: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) let v_H = v_H' @@ -42,7 +42,7 @@ val v_PRF': v_LEN: usize -> input: t_Slice u8 let v_PRF (v_LEN: usize) = v_PRF' v_LEN assume -val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K +val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures 
@@ -53,14 +53,14 @@ val v_PRFxN': v_K: usize -> v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) let v_PRFxN (v_K v_LEN: usize) = v_PRFxN' v_K v_LEN assume -val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (sz 34)) v_K +val shake128_init_absorb_final': v_K: usize -> input: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure (t_PortableHash v_K) Prims.l_True (fun _ -> Prims.l_True) let shake128_init_absorb_final (v_K: usize) = shake128_init_absorb_final' v_K assume val shake128_squeeze_first_three_blocks': v_K: usize -> st: t_PortableHash v_K - -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -68,7 +68,7 @@ let shake128_squeeze_first_three_blocks (v_K: usize) = shake128_squeeze_first_th assume val shake128_squeeze_next_block': v_K: usize -> st: t_PortableHash v_K - -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index 6d8dee682..d495f00c0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti 
@@ -9,19 +9,19 @@ open FStar.Mul val t_PortableHash (v_K: usize) : eqtype val v_G (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) + : Prims.Pure (t_Array u8 (mk_usize 64)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 64) = result in + let result:t_Array u8 (mk_usize 64) = result in result == Spec.Utils.v_G input) val v_H (input: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) @@ -32,7 +32,7 @@ val v_PRF (v_LEN: usize) (input: t_Slice u8) let result:t_Array u8 v_LEN = result in result == Spec.Utils.v_PRF v_LEN input) -val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) +val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (mk_usize 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (requires v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) (ensures 
@@ -40,16 +40,16 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) let result:t_Array (t_Array u8 v_LEN) v_K = result in result == Spec.Utils.v_PRFxN v_K v_LEN input) -val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure (t_PortableHash v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_PortableHash v_K) - : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) + : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) val shake128_squeeze_next_block (v_K: usize) (st: t_PortableHash v_K) - : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) + : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (mk_usize 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index cef2d8613..f2ec96f20 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -4,10 +4,10 @@ open Core open FStar.Mul /// The SHA3 block size. -let v_BLOCK_SIZE: usize = sz 168 +let v_BLOCK_SIZE: usize = mk_usize 168 /// The size of 3 SHA3 blocks. -let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! sz 3 +let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! mk_usize 3 /// Abstraction for the hashing, to pick the fastest version depending on the /// platform features available. 
@@ -17,53 +17,56 @@ let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! sz 3 /// - Portable class t_Hash (v_Self: Type0) (v_K: usize) = { f_G_pre:input: t_Slice u8 -> pred: Type0{true ==> pred}; - f_G_post:input: t_Slice u8 -> result: t_Array u8 (sz 64) + f_G_post:input: t_Slice u8 -> result: t_Array u8 (mk_usize 64) -> pred: Type0{pred ==> result == Spec.Utils.v_G input}; f_G:x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); + -> Prims.Pure (t_Array u8 (mk_usize 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); f_H_pre:input: t_Slice u8 -> pred: Type0{true ==> pred}; - f_H_post:input: t_Slice u8 -> result: t_Array u8 (sz 32) + f_H_post:input: t_Slice u8 -> result: t_Array u8 (mk_usize 32) -> pred: Type0{pred ==> result == Spec.Utils.v_H input}; f_H:x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); + -> Prims.Pure (t_Array u8 (mk_usize 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); f_PRF_pre:v_LEN: usize -> input: t_Slice u8 -> pred: Type0{v v_LEN < pow2 32 ==> pred}; f_PRF_post:v_LEN: usize -> input: t_Slice u8 -> result: t_Array u8 v_LEN -> pred: Type0{pred ==> v v_LEN < pow2 32 ==> result == Spec.Utils.v_PRF v_LEN input}; f_PRF:v_LEN: usize -> x0: t_Slice u8 -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result); - f_PRFxN_pre:v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K + f_PRFxN_pre:v_LEN: usize -> input: t_Array (t_Array u8 (mk_usize 33)) v_K -> pred: Type0{v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4) ==> pred}; f_PRFxN_post: v_LEN: usize -> - input: t_Array (t_Array u8 (sz 33)) v_K -> + input: t_Array (t_Array u8 (mk_usize 33)) v_K -> result: t_Array (t_Array u8 v_LEN) v_K -> pred: Type0 { pred ==> (v v_LEN < pow2 32 /\ (v v_K == 2 \/ v v_K == 3 \/ v v_K == 4)) ==> result == Spec.Utils.v_PRFxN v_K v_LEN input }; - f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (sz 33)) v_K + 
f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (mk_usize 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (f_PRFxN_pre v_LEN x0) (fun result -> f_PRFxN_post v_LEN x0 result); - f_shake128_init_absorb_final_pre:input: t_Array (t_Array u8 (sz 34)) v_K + f_shake128_init_absorb_final_pre:input: t_Array (t_Array u8 (mk_usize 34)) v_K -> pred: Type0{true ==> pred}; - f_shake128_init_absorb_final_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> Type0; - f_shake128_init_absorb_final:x0: t_Array (t_Array u8 (sz 34)) v_K + f_shake128_init_absorb_final_post:t_Array (t_Array u8 (mk_usize 34)) v_K -> v_Self -> Type0; + f_shake128_init_absorb_final:x0: t_Array (t_Array u8 (mk_usize 34)) v_K -> Prims.Pure v_Self (f_shake128_init_absorb_final_pre x0) (fun result -> f_shake128_init_absorb_final_post x0 result); f_shake128_squeeze_first_three_blocks_pre:self___: v_Self -> pred: Type0{true ==> pred}; - f_shake128_squeeze_first_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) + f_shake128_squeeze_first_three_blocks_post: + v_Self -> + (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) -> Type0; f_shake128_squeeze_first_three_blocks:x0: v_Self - -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 504)) v_K) + -> Prims.Pure (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) (f_shake128_squeeze_first_three_blocks_pre x0) (fun result -> f_shake128_squeeze_first_three_blocks_post x0 result); f_shake128_squeeze_next_block_pre:self___: v_Self -> pred: Type0{true ==> pred}; - f_shake128_squeeze_next_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> Type0; + f_shake128_squeeze_next_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (mk_usize 168)) v_K) + -> Type0; f_shake128_squeeze_next_block:x0: v_Self - -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 168)) v_K) + -> Prims.Pure (v_Self & t_Array (t_Array u8 (mk_usize 168)) v_K) (f_shake128_squeeze_next_block_pre x0) (fun result -> f_shake128_squeeze_next_block_post x0 result) } 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst index d3c42e003..b13cf2de0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst @@ -76,7 +76,7 @@ let keypair_from_private_key let generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) @@ -93,7 +93,7 @@ let generate_keypair_avx2 let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) @@ -118,7 +118,7 @@ let encapsulate_avx2 (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR 
@@ -132,7 +132,7 @@ let encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = encapsulate_avx2 v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti index 97a744e17..ff163b07e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti @@ -65,7 +65,7 @@ val keypair_from_private_key val generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) @@ -83,7 +83,7 @@ val generate_keypair_avx2 val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) 
@@ -103,8 +103,9 @@ val encapsulate_avx2 (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -124,8 +125,9 @@ val encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -145,7 +147,7 @@ val decapsulate_avx2 Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -167,7 +169,7 @@ val decapsulate Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 5aa8ec2e7..1cf6cf450 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -16,7 +16,7 @@ let _ = let generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE @@ -26,7 +26,7 @@ let generate_keypair_avx2 let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = generate_keypair_avx2 v_K v_CPA_PRIVATE_KEY_SIZE @@ -83,7 +83,7 @@ let encapsulate_avx2 (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR 
@@ -95,7 +95,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = encapsulate_avx2 v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index f1a076348..873c3b509 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -17,7 +17,7 @@ let _ = val generate_keypair_avx2 (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ @@ -31,7 +31,7 @@ val generate_keypair_avx2 val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -95,8 +95,9 @@ val encapsulate_avx2 (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -114,8 +115,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -134,7 +136,7 @@ val decapsulate_avx2 usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -156,7 +158,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst index 793237fb4..82348ceed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst @@ -58,7 +58,7 @@ let keypair_from_private_key let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -79,7 +79,7 @@ let encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti index bdaffe833..29843af76 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti @@ -51,7 +51,7 @@ val keypair_from_private_key val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -74,8 +74,9 @@ val encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -97,7 +98,7 @@ val decapsulate Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 8df0f25e0..6f30d4a0c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -16,7 +16,7 @@ let _ = let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE @@ -58,7 +58,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index e0656541b..c0d2bf7c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -17,7 +17,7 @@ let _ = val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -63,8 +63,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -84,7 +85,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst index b1d3208cb..fbda547ff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst 
@@ -58,7 +58,7 @@ let keypair_from_private_key let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -79,7 +79,7 @@ let encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti index 61be48b3e..be4ebac24 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti @@ -51,7 +51,7 @@ val keypair_from_private_key val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -74,8 +74,9 @@ val encapsulate (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -97,7 +98,7 @@ val decapsulate Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 140aaad8b..e4a481daa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -16,7 +16,7 @@ let _ = let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE 
@@ -59,7 +59,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 07201e636..15ad16e20 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -17,7 +17,7 @@ let _ = val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -63,8 +63,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -84,7 +85,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index d5da4cbde..f59c3b220 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -26,7 +26,7 @@ let validate_private_key let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = if Libcrux_platform.Platform.simd256_support () then 
@@ -63,7 +63,7 @@ let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = if Libcrux_platform.Platform.simd256_support () then diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 523eb4bd1..ff84c9a27 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -26,7 +26,7 @@ val validate_private_key val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -41,8 +41,9 @@ val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -61,7 +62,7 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index df129f377..9408ab305 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -88,7 +88,7 @@ let unpack_public_key unpacked_public_key.f_ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A = - Libcrux_ml_kem.Utils.into_padded_array (sz 32) + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 32) (public_key.Libcrux_ml_kem.Types.f_value.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } 
@@ -116,7 +116,7 @@ let unpack_public_key #v_Vector #v_Hasher unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) + (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 34) (public_key.Libcrux_ml_kem.Types.f_value.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } @@ -125,7 +125,7 @@ let unpack_public_key <: t_Slice u8) <: - t_Array u8 (sz 34)) + t_Array u8 (mk_usize 34)) false } <: @@ -219,7 +219,7 @@ let impl v_Vector) #FStar.Tactics.Typeclasses.solve (); - f_public_key_hash = Rust_primitives.Hax.repeat 0uy (sz 32) + f_public_key_hash = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) } <: t_MlKemPublicKeyUnpacked v_K v_Vector @@ -509,7 +509,7 @@ let impl_1 v_Vector) #FStar.Tactics.Typeclasses.solve (); - f_implicit_rejection_value = Rust_primitives.Hax.repeat 0uy (sz 32) + f_implicit_rejection_value = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) } <: t_MlKemPrivateKeyUnpacked v_K v_Vector; @@ -588,7 +588,7 @@ let transpose_a t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun v_A i -> let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -611,7 +611,7 @@ let transpose_a (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = v_A in - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun v_A j -> let v_A:t_Array 
@@ -671,12 +671,12 @@ let generate_keypair i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) = let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } <: @@ -817,14 +817,14 @@ let generate_keypair out.f_private_key with f_implicit_rejection_value = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + Core.Result.impl__unwrap #(t_Array u8 (mk_usize 32)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) + #(t_Array u8 (mk_usize 32)) #FStar.Tactics.Typeclasses.solve implicit_rejection_value <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (mk_usize 32)) Core.Array.t_TryFromSliceError) } <: t_MlKemPrivateKeyUnpacked v_K v_Vector @@ -847,7 +847,7 @@ let encapsulate i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = let _:Prims.unit = Lib.Sequence.eq_intro #u8 
@@ -855,10 +855,10 @@ let encapsulate (Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 64) randomness) 0 32) randomness in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (randomness <: t_Slice u8) in - let to_hash:t_Array u8 (sz 64) = + let to_hash:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: @@ -876,7 +876,7 @@ let encapsulate let _:Prims.unit = Lib.Sequence.eq_intro #u8 #64 to_hash (concat randomness public_key.f_public_key_hash) in - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve @@ -893,8 +893,10 @@ let encapsulate v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key.f_ind_cpa_public_key randomness pseudorandomness in - let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let shared_secret_array:t_Array u8 (sz 32) = + let shared_secret_array:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) + in + let shared_secret_array:t_Array u8 (mk_usize 32) = Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret in Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) @@ -903,7 +905,7 @@ let encapsulate ciphertext, shared_secret_array <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) #push-options "--z3rlimit 200 --ext context_pruning --z3refresh" 
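Review bot: The context line `(Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (sz 64) randomness) 0 32)` directly above the rewritten `to_hash` binding still spells the length as `sz 64`, while every new line in this hunk switches to `mk_usize 64`; the same leftover appears in the decapsulate hunk of Libcrux_ml_kem.Ind_cca.fst (`assert (i4.f_PRF_pre (sz 32) to_hash);`). If `sz` and `mk_usize` are not definitionally equal in the updated primitives, that `eq_intro` will no longer line up with the `mk_usize 64`-typed `to_hash` it is meant to justify; if they are equal, the mix is a consistency issue, and since these proof lines presumably originate from hax annotations in the Rust source they would need the change made there rather than in the extraction. Suggested line: `(Seq.slice (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) randomness) 0 32)`. The enclosing `encapsulate` starts in the preceding hunk and continues past this one.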
@@ -929,7 +931,7 @@ let decapsulate 32 * v (Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K)); assert (v (Spec.MLKEM.v_C2_SIZE v_K) == 32 * v (Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K)) in - let decrypted:t_Array u8 (sz 32) = + let decrypted:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K v_CIPHERTEXT_SIZE v_C1_SIZE @@ -939,11 +941,11 @@ let decapsulate key_pair.f_private_key.f_ind_cpa_private_key ciphertext.Libcrux_ml_kem.Types.f_value in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) + let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (decrypted <: t_Slice u8) in let _:Prims.unit = Lib.Sequence.eq_intro #u8 #32 (Seq.slice to_hash 0 32) decrypted in - let to_hash:t_Array u8 (sz 64) = + let to_hash:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: @@ -961,7 +963,7 @@ let decapsulate let _:Prims.unit = Lib.Sequence.lemma_concat2 32 decrypted 32 key_pair.f_public_key.f_public_key_hash to_hash in - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve @@ -1010,11 +1012,11 @@ let decapsulate ciphertext.f_value to_hash in - let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + let (implicit_rejection_shared_secret: t_Array u8 (mk_usize 32)):t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (sz 32) + (mk_usize 32) (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index e3a802c64..6ea0e7eda 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -20,7 +20,7 @@ type t_MlKemPrivateKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_ind_cpa_private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector; - f_implicit_rejection_value:t_Array u8 (sz 32) + f_implicit_rejection_value:t_Array u8 (mk_usize 32) } /// An unpacked ML-KEM IND-CCA Private Key @@ -28,7 +28,7 @@ type t_MlKemPublicKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector; - f_public_key_hash:t_Array u8 (sz 32) + f_public_key_hash:t_Array u8 (mk_usize 32) } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -330,7 +330,7 @@ val generate_keypair {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) (requires 
@@ -358,8 +358,9 @@ val encapsulate {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -374,7 +375,7 @@ val encapsulate fun temp_0_ -> let ciphertext_result, shared_secret_array:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & - t_Array u8 (sz 32)) = + t_Array u8 (mk_usize 32)) = temp_0_ in let ciphertext, shared_secret = @@ -398,7 +399,7 @@ val decapsulate {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ @@ -412,7 +413,7 @@ val decapsulate v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.MLKEM.ind_cca_unpack_decapsulate v_K key_pair.f_public_key.f_public_key_hash diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 9033af6e0..16d98e990 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst 
@@ -23,7 +23,7 @@ let serialize_kem_secret_key_mut (private_key public_key implicit_rejection_value: t_Slice u8) (serialized: t_Array u8 v_SERIALIZED_KEY_LEN) = - let pointer:usize = sz 0 in + let pointer:usize = mk_usize 0 in let serialized:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -172,7 +172,9 @@ let serialize_kem_secret_key Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key public_key implicit_rejection_value: t_Slice u8) = - let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.repeat (mk_u8 0) v_SERIALIZED_KEY_LEN + in let out:t_Array u8 v_SERIALIZED_KEY_LEN = serialize_kem_secret_key_mut v_K v_SERIALIZED_KEY_LEN @@ -227,13 +229,13 @@ let validate_private_key_only Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) = - let t:t_Array u8 (sz 32) = + let t:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve (private_key.Libcrux_ml_kem.Types.f_value.[ { - Core.Ops.Range.f_start = sz 384 *! v_K <: usize; - Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 32 <: usize + Core.Ops.Range.f_start = mk_usize 384 *! v_K <: usize; + Core.Ops.Range.f_end = (mk_usize 768 *! v_K <: usize) +! mk_usize 32 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -242,8 +244,8 @@ let validate_private_key_only in let expected:t_Slice u8 = private_key.Libcrux_ml_kem.Types.f_value.[ { - Core.Ops.Range.f_start = (sz 768 *! v_K <: usize) +! sz 32 <: usize; - Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 64 <: usize + Core.Ops.Range.f_start = (mk_usize 768 *! v_K <: usize) +! mk_usize 32 <: usize; + Core.Ops.Range.f_end = (mk_usize 768 *! v_K <: usize) +! mk_usize 64 <: usize } <: Core.Ops.Range.t_Range usize ] 
@@ -279,11 +281,11 @@ let generate_keypair i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) = let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } <: @@ -343,20 +345,20 @@ let encapsulate Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - let randomness:t_Array u8 (sz 32) = + let randomness:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme #FStar.Tactics.Typeclasses.solve v_K #v_Hasher (randomness <: t_Slice u8) in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (randomness <: t_Slice u8) in let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) randomness in - let to_hash:t_Array u8 (sz 64) = + let to_hash:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: @@ -381,7 +383,7 @@ let encapsulate lemma_slice_append to_hash randomness (Spec.Utils.v_H public_key.f_value); assert (to_hash == concat randomness (Spec.Utils.v_H public_key.f_value)) in - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve 
@@ -405,7 +407,7 @@ let encapsulate #FStar.Tactics.Typeclasses.solve ciphertext in - let shared_secret_array:t_Array u8 (sz 32) = + let shared_secret_array:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K @@ -416,7 +418,7 @@ let encapsulate in ciphertext, shared_secret_array <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) #pop-options @@ -463,7 +465,7 @@ let decapsulate (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE) (length private_key.f_value)) in - let decrypted:t_Array u8 (sz 32) = + let decrypted:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Ind_cpa.decrypt v_K v_CIPHERTEXT_SIZE v_C1_SIZE @@ -473,11 +475,11 @@ let decapsulate ind_cpa_secret_key ciphertext.Libcrux_ml_kem.Types.f_value in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) + let (to_hash: t_Array u8 (mk_usize 64)):t_Array u8 (mk_usize 64) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 64) (decrypted <: t_Slice u8) in let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) decrypted in - let to_hash:t_Array u8 (sz 64) = + let to_hash:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: @@ -497,7 +499,7 @@ let decapsulate assert (decrypted == Spec.MLKEM.ind_cpa_decrypt v_K ind_cpa_secret_key ciphertext.f_value); assert (to_hash == concat decrypted ind_cpa_public_key_hash) in - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve 
@@ -549,11 +551,11 @@ let decapsulate assert (i4.f_PRF_pre (sz 32) to_hash); lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value in - let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + let (implicit_rejection_shared_secret: t_Array u8 (mk_usize 32)):t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (sz 32) + (mk_usize 32) (to_hash <: t_Slice u8) in let _:Prims.unit = @@ -566,7 +568,7 @@ let decapsulate v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher ind_cpa_public_key decrypted pseudorandomness in - let implicit_rejection_shared_secret:t_Array u8 (sz 32) = + let implicit_rejection_shared_secret:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K @@ -575,7 +577,7 @@ let decapsulate (implicit_rejection_shared_secret <: t_Slice u8) ciphertext in - let shared_secret:t_Array u8 (sz 32) = + let shared_secret:t_Array u8 (mk_usize 32) = Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 25ee9ff33..8e73d0c5a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -115,7 +115,7 @@ val generate_keypair {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ 
@@ -140,8 +140,9 @@ val encapsulate {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ @@ -155,8 +156,8 @@ val encapsulate v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) (ensures fun result -> - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - = + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & + t_Array u8 (mk_usize 32)) = result in let expected, valid = Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness in @@ -172,7 +173,7 @@ val decapsulate {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ @@ -189,7 +190,7 @@ val decapsulate v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in let expected, valid = Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value in 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst index b4b47e483..158cabd67 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst @@ -74,7 +74,7 @@ let impl_1 <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; - f_seed_for_A = Rust_primitives.Hax.repeat 0uy (sz 32); + f_seed_for_A = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32); f_A = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index d4d516027..01b734880 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -26,7 +26,7 @@ type t_IndCpaPublicKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; - f_seed_for_A:t_Array u8 (sz 32); + f_seed_for_A:t_Array u8 (mk_usize 32); f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index ef045a166..cf7a49d91 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst 
@@ -23,7 +23,7 @@ let serialize_secret_key (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let _:Prims.unit = assert_norm (Spec.MLKEM.polynomial_d 12 == Spec.MLKEM.polynomial) in - let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Folds.fold_enumerated_slice key (fun out i -> @@ -53,7 +53,9 @@ let serialize_secret_key i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize + (i +! mk_usize 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize } <: Core.Ops.Range.t_Range usize) @@ -64,7 +66,8 @@ let serialize_secret_key i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + (i +! mk_usize 1 <: usize) *! + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize } @@ -126,12 +129,15 @@ let serialize_public_key_mut = let serialized:t_Array u8 v_PUBLIC_KEY_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } + ({ + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT + } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: 
@@ -179,7 +185,7 @@ let serialize_public_key (seed_for_a: t_Slice u8) = let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE + Rust_primitives.Hax.repeat (mk_u8 0) v_PUBLIC_KEY_SIZE in let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = serialize_public_key_mut v_K @@ -254,7 +260,7 @@ let sample_ring_element_cbd (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (prf_input: t_Array u8 (sz 33)) + (prf_input: t_Array u8 (mk_usize 33)) (domain_separator: u8) = let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -266,12 +272,14 @@ let sample_ring_element_cbd <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in + let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = + Rust_primitives.Hax.repeat prf_input v_K + in let v__domain_separator_init:u8 = domain_separator in - let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) = + let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in + let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in let domain_separator:u8 = out in let _:Prims.unit = sample_ring_element_cbd_helper_1 v_K prf_inputs prf_input v__domain_separator_init @@ -285,7 +293,7 @@ let sample_ring_element_cbd prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = 
@@ -393,15 +401,17 @@ let sample_vector_cbd_then_ntt i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (prf_input: t_Array u8 (sz 33)) + (prf_input: t_Array u8 (mk_usize 33)) (domain_separator: u8) = - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in + let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = + Rust_primitives.Hax.repeat prf_input v_K + in let v__domain_separator_init:u8 = domain_separator in - let tmp0, out:(t_Array (t_Array u8 (sz 33)) v_K & u8) = + let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = tmp0 in + let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in let domain_separator:u8 = out in let _:Prims.unit = sample_vector_cbd_then_ntt_helper_1 v_K prf_inputs prf_input v__domain_separator_init @@ -415,7 +425,7 @@ let sample_vector_cbd_then_ntt prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun re_as_ntt i -> let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -477,7 +487,7 @@ let sample_vector_cbd_then_ntt_out (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (prf_input: t_Array u8 (sz 33)) + (prf_input: t_Array u8 (mk_usize 33)) (domain_separator: u8) = let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = 
@@ -521,7 +531,7 @@ let generate_keypair_unpacked (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = - let hashed:t_Array u8 (sz 64) = + let hashed:t_Array u8 (mk_usize 64) = Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme #FStar.Tactics.Typeclasses.solve v_K @@ -529,7 +539,7 @@ let generate_keypair_unpacked key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (mk_usize 32) in let _:Prims.unit = Lib.Sequence.eq_intro #u8 @@ -546,7 +556,8 @@ let generate_keypair_unpacked #v_Vector #v_Hasher public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 34) seed_for_A <: t_Array u8 (mk_usize 34) + ) true } <: @@ -556,8 +567,8 @@ let generate_keypair_unpacked let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in assert (valid ==> matrix_A_as_ntt == Libcrux_ml_kem.Polynomial.to_spec_matrix_t public_key.f_A) in - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error + let (prf_input: t_Array u8 (mk_usize 33)):t_Array u8 (mk_usize 33) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 33) seed_for_secret_and_error in let _:Prims.unit = Lib.Sequence.eq_intro #u8 #32 seed_for_secret_and_error (Seq.slice prf_input 0 32) @@ -570,7 +581,7 @@ let generate_keypair_unpacked #v_Hasher private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt prf_input - 0uy + (mk_u8 0) in let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = { private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = tmp0 } 
@@ -608,14 +619,14 @@ let generate_keypair_unpacked public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + Core.Result.impl__unwrap #(t_Array u8 (mk_usize 32)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) + #(t_Array u8 (mk_usize 32)) #FStar.Tactics.Typeclasses.solve seed_for_A <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array u8 (mk_usize 32)) Core.Array.t_TryFromSliceError) } <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector @@ -776,7 +787,7 @@ let compress_then_serialize_u Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize } <: Core.Ops.Range.t_Range usize) @@ -785,7 +796,7 @@ let compress_then_serialize_u Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; Core.Ops.Range.f_end = - (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize + (i +! mk_usize 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize } <: Core.Ops.Range.t_Range usize ] @@ -840,11 +851,11 @@ let encrypt_unpacked i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - (message: t_Array u8 (sz 32)) + (message: t_Array u8 (mk_usize 32)) (randomness: t_Slice u8) = - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness + let (prf_input: t_Array u8 (mk_usize 33)):t_Array u8 (mk_usize 33) = + Libcrux_ml_kem.Utils.into_padded_array (mk_usize 33) randomness in let r_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & 
@@ -855,7 +866,7 @@ let encrypt_unpacked #v_Vector #v_Hasher prf_input - 0uy + (mk_u8 0) in let _:Prims.unit = Lib.Sequence.eq_intro #u8 #32 randomness (Seq.slice prf_input 0 32); @@ -872,8 +883,10 @@ let encrypt_unpacked prf_input domain_separator in - let prf_input:t_Array u8 (sz 33) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator + let prf_input:t_Array u8 (mk_usize 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input + (mk_usize 32) + domain_separator in let _:Prims.unit = assert (Seq.equal prf_input (Seq.append randomness (Seq.create 1 domain_separator))); @@ -915,10 +928,12 @@ let encrypt_unpacked assert (v_CIPHERTEXT_SIZE == v_C1_LEN +! v_C2_LEN); assert (v_C1_LEN <=. v_CIPHERTEXT_SIZE) in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.repeat (mk_u8 0) v_CIPHERTEXT_SIZE + in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = v_C1_LEN } <: Core.Ops.Range.t_Range usize) (compress_then_serialize_u v_K @@ -927,7 +942,7 @@ let encrypt_unpacked v_BLOCK_LEN #v_Vector u - (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + (ciphertext.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = v_C1_LEN } <: Core.Ops.Range.t_Range usize ] <: @@ -1007,7 +1022,7 @@ let build_unpacked_public_key_mut #v_Vector #v_Hasher unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + (Libcrux_ml_kem.Utils.into_padded_array (mk_usize 34) seed <: t_Array u8 (mk_usize 34)) false } <: 
@@ -1054,7 +1069,7 @@ let encrypt i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) + (message: t_Array u8 (mk_usize 32)) (randomness: t_Slice u8) = let _:Prims.unit = reveal_opaque (`%Spec.MLKEM.ind_cpa_encrypt) Spec.MLKEM.ind_cpa_encrypt in @@ -1096,7 +1111,7 @@ let deserialize_then_decompress_u v_U_COMPRESSION_FACTOR <: usize) /! - sz 8 + mk_usize 8 <: usize) (ciphertext <: t_Slice u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 934e1bd89..4759bf3b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -84,7 +84,7 @@ val sample_ring_element_cbd (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (prf_input: t_Array u8 (sz 33)) + (prf_input: t_Array u8 (mk_usize 33)) (domain_separator: u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) (requires @@ -109,7 +109,7 @@ val sample_vector_cbd_then_ntt {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (prf_input: t_Array u8 (sz 33)) + (prf_input: t_Array u8 (mk_usize 33)) (domain_separator: u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) (requires 
@@ -138,7 +138,7 @@ val sample_vector_cbd_then_ntt_out (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (prf_input: t_Array u8 (sz 33)) + (prf_input: t_Array u8 (mk_usize 33)) (domain_separator: u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) (requires @@ -333,7 +333,7 @@ val encrypt_unpacked {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - (message: t_Array u8 (sz 32)) + (message: t_Array u8 (mk_usize 32)) (randomness: t_Slice u8) : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) (requires @@ -414,7 +414,7 @@ val encrypt {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) + (message: t_Array u8 (mk_usize 32)) (randomness: t_Slice u8) : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) (requires @@ -496,7 +496,7 @@ val decrypt_unpacked {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ @@ -504,7 +504,7 @@ val decrypt_unpacked v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.MLKEM.ind_cpa_decrypt_unpacked v_K ciphertext 
@@ -517,7 +517,7 @@ val decrypt {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ @@ -526,5 +526,5 @@ val decrypt v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.MLKEM.ind_cpa_decrypt v_K secret_key ciphertext) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index ac4b10e1b..aff441ba5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -23,8 +23,8 @@ let invert_ntt_at_layer_1_ let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -46,7 +46,7 @@ let invert_ntt_at_layer_1_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i -! sz 1 in + let zeta_i:usize = zeta_i -! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (4 * 3328) 
@@ -64,16 +64,16 @@ let invert_ntt_at_layer_1_ #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 1 <: usize) <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 2 <: usize) <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 3 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 2 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 3 <: usize) <: i16) <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in - let zeta_i:usize = zeta_i -! sz 3 in + let zeta_i:usize = zeta_i -! mk_usize 3 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque 3328 @@ -102,8 +102,8 @@ let invert_ntt_at_layer_2_ let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -125,7 +125,7 @@ let invert_ntt_at_layer_2_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i -! sz 1 in + let zeta_i:usize = zeta_i -! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque 3328 
@@ -143,14 +143,14 @@ let invert_ntt_at_layer_2_ #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! sz 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i -! mk_usize 1 <: usize) <: i16) <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in - let zeta_i:usize = zeta_i -! sz 1 in + let zeta_i:usize = zeta_i -! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque 3328 @@ -179,8 +179,8 @@ let invert_ntt_at_layer_3_ let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -202,7 +202,7 @@ let invert_ntt_at_layer_3_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i -! sz 1 in + let zeta_i:usize = zeta_i -! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque 3328 @@ -272,10 +272,10 @@ let invert_ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) = - let step:usize = sz 1 <>! layer <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 128 >>! layer <: usize) (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ 
@@ -288,8 +288,8 @@ let invert_ntt_at_layer_4_plus temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i -! sz 1 in - let offset:usize = (round *! step <: usize) *! sz 2 in + let zeta_i:usize = zeta_i -! mk_usize 1 in + let offset:usize = (round *! step <: usize) *! mk_usize 2 in let offset_vec:usize = offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in @@ -355,7 +355,7 @@ let invert_ntt_montgomery Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in + let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! mk_usize 2 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = invert_ntt_at_layer_1_ #v_Vector zeta_i re in 
@@ -375,25 +375,25 @@ let invert_ntt_montgomery let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 4) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 5) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 6) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 7) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 4e0739b87..c0fe46211 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst 
@@ -21,12 +21,12 @@ let sample_matrix_A Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (v_A_transpose: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - (seed: t_Array u8 (sz 34)) + (seed: t_Array u8 (mk_usize 34)) (transpose: bool) = let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array 
@@ -42,39 +42,39 @@ let sample_matrix_A v_A_transpose in let i:usize = i in - let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in - let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = Rust_primitives.Hax.repeat seed v_K in + let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun seeds temp_1_ -> - let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = seeds in let _:usize = temp_1_ in true) seeds (fun seeds j -> - let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = seeds in let j:usize = j in - let seeds:t_Array (t_Array u8 (sz 34)) v_K = + let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds j (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ] <: - t_Array u8 (sz 34)) - (sz 32) + t_Array u8 (mk_usize 34)) + (mk_usize 32) (cast (i <: usize) <: u8) <: - t_Array u8 (sz 34)) + t_Array u8 (mk_usize 34)) in - let seeds:t_Array (t_Array u8 (sz 34)) v_K = + let seeds:t_Array (t_Array u8 (mk_usize 34)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seeds j (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (seeds.[ j ] <: - t_Array u8 (sz 34)) - (sz 33) + t_Array u8 (mk_usize 34)) + (mk_usize 33) (cast (j <: usize) <: u8) <: - t_Array u8 (sz 34)) + t_Array u8 (mk_usize 34)) in seeds) in @@ -153,7 +153,7 @@ let compute_message Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun result temp_1_ -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in 
@@ -198,7 +198,7 @@ let compute_ring_element_v Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun result temp_1_ -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 13f83c59a..4db1f3975 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -17,7 +17,7 @@ val sample_matrix_A {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (v_A_transpose: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - (seed: t_Array u8 (sz 34)) + (seed: t_Array u8 (mk_usize 34)) (transpose: bool) : Prims.Pure (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst index 58d47cc4a..087bcbd43 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst 
@@ -12,28 +12,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) public_key serialized in 
@@ -41,30 +41,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair serialized in 
@@ -88,80 +88,80 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 4) - (sz 3168) - (sz 1536) - (sz 1568) - (sz 1536) - (sz 1536) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1536) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 1536) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + let 
unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1536) + (mk_usize 1568) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let 
key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = generate_key_pair_mut randomness key_pair in @@ -169,20 +169,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index 0b733d36a..89285a5c8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -14,22 +14,22 @@ let _ = /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -42,29 +42,29 @@ val serialized_public_key /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -77,9 +77,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -91,38 +91,38 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form. 
-val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) let _ = @@ -140,10 +140,10 @@ let _ = /// val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -153,7 +153,7 @@ val encapsulate /// and an [`MlKem1024Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index 13b91e9f3..ee14b4fdf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst 
@@ -3,46 +3,50 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 4) (sz 3168) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (mk_usize 4) + (mk_usize 3168) + private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - 
(randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) - (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index f9eaab872..dd3e5a097 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst index d0bffad7c..947d872d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst 
@@ -12,28 +12,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) public_key serialized in 
@@ -41,30 +41,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair serialized in 
@@ -88,80 +88,80 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 4) - (sz 3168) - (sz 1536) - (sz 1568) - (sz 1536) - (sz 1536) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1536) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 1536) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + let 
unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1536) + (mk_usize 1568) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () in - let 
key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = generate_key_pair_mut randomness key_pair in 
@@ -169,20 +169,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index cf49202bc..223ba7022 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -14,7 +14,7 @@ let _ = /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -22,7 +22,7 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -30,10 +30,10 @@ val init_public_key: Prims.unit /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -46,29 +46,29 @@ val serialized_public_key /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -81,9 +81,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -95,44 +95,44 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in 
"unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -152,10 +152,10 @@ let _ = /// val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -165,7 +165,7 @@ val encapsulate /// and an [`MlKem1024Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 3e33b4827..4affb4272 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst 
@@ -3,46 +3,50 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 4) (sz 3168) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (mk_usize 4) + (mk_usize 3168) + private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - 
(randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) - (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index c4e505237..392766d7b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst index a4291d768..4b54a59e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst 
@@ -12,28 +12,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) public_key serialized in 
@@ -41,30 +41,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 4) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair serialized in 
@@ -88,80 +88,80 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 1568) + (mk_usize 1536) + (mk_usize 1568) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 4) - (sz 3168) - (sz 1536) - (sz 1568) - (sz 1536) - (sz 1536) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1536) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 1536) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let 
unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1536) + (mk_usize 1568) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) 
Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = generate_key_pair_mut randomness key_pair in 
@@ -169,20 +169,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index 10aeb2dd1..08eb4ee09 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti @@ -14,7 +14,7 @@ let _ = /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -22,7 +22,7 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -30,10 +30,10 @@ val init_public_key: Prims.unit /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -46,29 +46,29 @@ val serialized_public_key /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -81,9 +81,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (requires forall (i: nat). i < 4 ==> 
@@ -95,44 +95,44 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// 
Generate ML-KEM 1024 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -152,10 +152,10 @@ let _ = /// val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -165,7 +165,7 @@ val encapsulate /// and an [`MlKem1024Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 766cdb831..089730d3e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst 
@@ -3,48 +3,50 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 4) - (sz 3168) +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (mk_usize 4) + (mk_usize 3168) private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness let encapsulate - (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (mk_usize 4) (mk_usize 1568) + (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) + (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) - (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1600) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (mk_usize 4) (mk_usize 3168) + (mk_usize 1536) (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) + (mk_usize 11) (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1600) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 634656bdd..e8cce0f2d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst index 4d0f9a927..420397080 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst 
@@ -15,37 +15,39 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in + let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = Libcrux_ml_kem.Mlkem1024.generate_key_pair randomness in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) let encapsulate (#impl_277843321_: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in + let randomness:t_Array u8 
(mk_usize 32) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & + t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Mlkem1024.encapsulate public_key randomness in rng, hax_temp_output <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti index e05ca0a8f..55494bc93 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti @@ -18,7 +18,8 @@ val generate_key_pair {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + : Prims.Pure + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) @@ -31,9 +32,10 @@ val encapsulate (#impl_277843321_: Type0) {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) (rng: impl_277843321_) : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index 5bbefd780..3514ff099 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst 
@@ -3,55 +3,57 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) - (sz 1536) - (sz 1568) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (mk_usize 4) + (mk_usize 1536) + (mk_usize 1568) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 4) - (sz 3168) - (sz 1568) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (mk_usize 4) + (mk_usize 3168) + (mk_usize 1568) private_key ciphertext -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (mk_usize 4) + (mk_usize 1536) + (mk_usize 3168) + (mk_usize 1568) + (mk_usize 1536) + (mk_usize 2) + (mk_usize 128) randomness in let _:Prims.unit = admit () (* Panic freedom *) in result let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) = - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = - 
Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) - (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (mk_usize 4) (mk_usize 1568) (mk_usize 1568) + (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) (mk_usize 5) (mk_usize 352) + (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness in let _:Prims.unit = admit () (* Panic freedom *) in result let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) = - let result:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) - private_key ciphertext + let result:t_Array u8 (mk_usize 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (mk_usize 4) (mk_usize 3168) (mk_usize 1536) + (mk_usize 1568) (mk_usize 1568) (mk_usize 1536) (mk_usize 1408) (mk_usize 160) (mk_usize 11) + (mk_usize 5) (mk_usize 352) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) + (mk_usize 1600) private_key ciphertext in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 86a3ff54a..cb0386c3a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti 
@@ -3,44 +3,44 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul -let v_RANK_1024_: usize = sz 4 +let v_RANK_1024_: usize = mk_usize 4 let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = - (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 + (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! mk_usize 8 let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11 +let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = mk_usize 11 let v_C1_BLOCK_SIZE_1024_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_1024_ <: usize) /! - sz 8 + mk_usize 8 let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *! v_RANK_1024_ -let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5 +let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = mk_usize 5 let v_C2_SIZE_1024_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_1024_ <: usize) /! - sz 8 + mk_usize 8 let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! sz 32 +let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! mk_usize 32 let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ 
@@ -51,39 +51,39 @@ let v_SECRET_KEY_SIZE_1024_: usize = usize) +! Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE -let v_ETA1: usize = sz 2 +let v_ETA1: usize = mk_usize 2 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! mk_usize 64 -let v_ETA2: usize = sz 2 +let v_ETA2: usize = mk_usize 2 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! mk_usize 64 let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. /// This function returns an [`MlKem1024KeyPair`]. 
-val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (ensures fun res -> - let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = res in + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = res in let (secret_key, public_key), valid = Spec.MLKEM.Instances.mlkem1024_generate_keypair randomness in @@ -94,13 +94,16 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = res in + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32) + ) = + res + in let (ciphertext, shared_secret), valid = Spec.MLKEM.Instances.mlkem1024_encapsulate public_key.f_value randomness in 
@@ -111,13 +114,13 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:t_Array u8 (sz 32) = res in + let res:t_Array u8 (mk_usize 32) = res in let shared_secret, valid = Spec.MLKEM.Instances.mlkem1024_decapsulate private_key.f_value ciphertext.f_value in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst index 5fa5d411b..a5aeb766f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst 
@@ -12,28 +12,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) public_key serialized in 
@@ -41,30 +41,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair serialized in 
@@ -88,80 +88,80 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 2) - (sz 1632) - (sz 768) - (sz 800) - (sz 768) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) + (mk_usize 800) + (mk_usize 768) + (mk_usize 768) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked 
(mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 768) + (mk_usize 800) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = generate_key_pair_mut randomness key_pair in @@ -169,19 +169,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
index dcd19cd24..79eadab70 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti
@@ -14,22 +14,22 @@ let _ =
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit -> Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 /// Create a new, empty unpacked public key.
 val init_public_key: Prims.unit -> Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 /// Get the serialized public key.
 val serialized_public_key (public_key:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
- (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+ (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
 (requires forall (i: nat). i < 2 ==>
@@ -42,29 +42,29 @@ val serialized_public_key
 /// Get the serialized private key.
 val key_pair_serialized_private_key (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
 Prims.l_True (fun _ -> Prims.l_True)
 /// Get the serialized private key.
 val key_pair_serialized_private_key_mut (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
- (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+ (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
 Prims.l_True (fun _ -> Prims.l_True)
 /// Get the serialized public key.
 val key_pair_serialized_public_key_mut (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
- (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+ (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
 (requires forall (i: nat). i < 2 ==>
@@ -77,9 +77,9 @@ val key_pair_serialized_public_key_mut
 /// Get the serialized public key.
 val key_pair_serialized_public_key (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
 (requires forall (i: nat). i < 2 ==>
@@ -91,38 +91,38 @@ val key_pair_serialized_public_key
 /// Get an unpacked key from a private key.
 val key_pair_from_private_mut
- (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+ (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
 (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 /// Get the unpacked public key.
 val unpacked_public_key
- (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+ (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
 (unpacked_public_key:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 /// Generate ML-KEM 512 Key Pair in "unpacked" form
 val generate_key_pair_mut
- (randomness: t_Array u8 (sz 64))
+ (randomness: t_Array u8 (mk_usize 64))
 (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True)
 /// Generate ML-KEM 512 Key Pair in "unpacked" form.
-val generate_key_pair (randomness: t_Array u8 (sz 64))
+val generate_key_pair (randomness: t_Array u8 (mk_usize 64))
 : Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) let _ =
@@ -138,10 +138,10 @@ let _ =
 /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`.
 val encapsulate (public_key:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
- (randomness: t_Array u8 (sz 32))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))
+ (randomness: t_Array u8 (mk_usize 32))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))
 Prims.l_True (fun _ -> Prims.l_True)
@@ -151,7 +151,7 @@ val encapsulate
 /// and an [`MlKem512Ciphertext`].
 val decapsulate (private_key:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector)
- (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+ (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768))
+ : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
index 28a4e60c6..d2ea43581 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst
@@ -3,46 +3,50 @@ module Libcrux_ml_kem.Mlkem512.Avx2
 open Core open FStar.Mul
-let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) =
- Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2)
- (sz 768)
- (sz 800)
+let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) =
+ Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (mk_usize 2)
+ (mk_usize 768)
+ (mk_usize 800)
 public_key.Libcrux_ml_kem.Types.f_value
 let validate_private_key
- (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
- (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
+ (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
+ (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768))
 =
- Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 2)
- (sz 1632)
- (sz 768)
+ Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (mk_usize 2)
+ (mk_usize 1632)
+ (mk_usize 768)
 private_key ciphertext
-let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) =
- Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 2) (sz 1632) private_key
+let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) =
+ Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (mk_usize 2)
+ (mk_usize 1632)
+ private_key
-let generate_key_pair (randomness: t_Array u8 (sz 64)) =
- Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 2)
- (sz 768)
- (sz 1632)
- (sz 800)
- (sz 768)
- (sz 3)
- (sz 192)
+let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) =
+ Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (mk_usize 2)
+ (mk_usize 768)
+ (mk_usize 1632)
+ (mk_usize 800)
+ (mk_usize 768)
+ (mk_usize 3)
+ (mk_usize 192)
 randomness
 let encapsulate
- (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
- (randomness: t_Array 
u8 (sz 32))
+ (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
+ (randomness: t_Array u8 (mk_usize 32))
 =
- Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640)
- (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness
+ Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (mk_usize 2) (mk_usize 768) (mk_usize 800)
+ (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320)
+ (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness
 let decapsulate
- (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
- (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
+ (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
+ (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768))
 =
- Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768)
- (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800)
- private_key ciphertext
+ Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (mk_usize 2) (mk_usize 1632) (mk_usize 768)
+ (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10)
+ (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128)
+ (mk_usize 800) private_key ciphertext
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
index 155b410a7..56f32bcdf 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti
@@ -5,24 +5,24 @@ open FStar.Mul
 /// Validate a public key.
 /// Returns `true` if valid, and `false` otherwise.
-val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
 : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 /// Validate a private key.
 /// Returns `true` if valid, and `false` otherwise.
 val validate_private_key
- (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
- (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
+ (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
+ (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768))
 : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 /// Validate the private key only.
 /// Returns `true` if valid, and `false` otherwise.
-val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
 : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
 /// Generate ML-KEM 512 Key Pair
-val generate_key_pair (randomness: t_Array u8 (sz 64))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800))
+val generate_key_pair (randomness: t_Array u8 (mk_usize 64))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800))
 Prims.l_True (fun _ -> Prims.l_True)
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64))
 /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
 /// bytes of `randomness`.
 val encapsulate
- (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
- (randomness: t_Array u8 (sz 32))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))
+ (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
+ (randomness: t_Array u8 (mk_usize 32))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))
 Prims.l_True (fun _ -> Prims.l_True)
@@ -41,6 +41,6 @@ val encapsulate
 /// Generates an [`MlKemSharedSecret`].
 /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`].
 val decapsulate
- (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
- (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768))
- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+ (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
+ (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768))
+ : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
index c7cee7c1b..09f664c7b 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst
@@ -12,28 +12,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) public_key serialized in 
@@ -41,30 +41,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair serialized in 
@@ -88,80 +88,80 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 2) - (sz 1632) - (sz 768) - (sz 800) - (sz 768) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) + (mk_usize 800) + (mk_usize 768) + (mk_usize 768) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + let 
unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 768) + (mk_usize 800) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () in - let 
key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = generate_key_pair_mut randomness key_pair in 
@@ -169,19 +169,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index a1db53972..0d78e304b 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti
@@ -14,7 +14,7 @@ let _ =
 /// Create a new, empty unpacked key.
 val init_key_pair: Prims.unit -> Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True)
@@ -22,7 +22,7 @@ val init_key_pair: Prims.unit
 /// Create a new, empty unpacked public key.
 val init_public_key: Prims.unit -> Prims.Pure
- (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
+ (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True)
@@ -30,10 +30,10 @@ val init_public_key: Prims.unit
 /// Get the serialized public key.
 val serialized_public_key (public_key:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
- (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+ (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
 (requires forall (i: nat). i < 2 ==>
@@ -46,29 +46,29 @@ val serialized_public_key
 /// Get the serialized private key.
 val key_pair_serialized_private_key (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
 Prims.l_True (fun _ -> Prims.l_True)
 /// Get the serialized private key.
 val key_pair_serialized_private_key_mut (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
- (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632))
+ (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632))
 Prims.l_True (fun _ -> Prims.l_True)
 /// Get the serialized public key.
 val key_pair_serialized_public_key_mut (key_pair:
- Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2)
+ Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2)
 Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector)
- (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
- : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))
+ (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
+ : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800))
 (requires forall (i: nat). i < 2 ==>
@@ -81,9 +81,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> 
@@ -95,44 +95,44 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in 
"unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -150,10 +150,10 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -163,7 +163,7 @@ val encapsulate /// and an [`MlKem512Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 4a2be4c3f..a8847b2e9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst 
@@ -3,46 +3,50 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 800) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 2) - (sz 1632) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 2) (sz 1632) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (mk_usize 2) + (mk_usize 1632) + private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array 
u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (mk_usize 2) (mk_usize 768) (mk_usize 800) + (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320) + (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) - private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (mk_usize 2) (mk_usize 1632) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) + (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) + (mk_usize 800) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index d029866f8..4ae8d6af9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst index 30232f848..1d0860a2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst 
@@ -12,28 +12,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) public_key serialized in 
@@ -41,30 +41,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 1632) - (sz 800) - (sz 768) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 2) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair serialized in 
@@ -88,80 +88,80 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 800) + (mk_usize 768) + (mk_usize 800) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 2) - (sz 1632) - (sz 768) - (sz 800) - (sz 768) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) + (mk_usize 800) + (mk_usize 768) + (mk_usize 768) private_key key_pair in key_pair let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked 
(sz 2) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 768) + (mk_usize 800) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () 
in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = generate_key_pair_mut randomness key_pair in 
@@ -169,20 +169,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) - (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) - (sz 128) (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 0691e26fd..8b44e885d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -14,7 +14,7 @@ let _ = /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -22,7 +22,7 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -30,10 +30,10 @@ val init_public_key: Prims.unit /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> 
@@ -46,29 +46,29 @@ val serialized_public_key /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> 
@@ -81,9 +81,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (requires forall (i: nat). i < 2 ==> 
@@ -95,44 +95,44 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// 
Generate ML-KEM 512 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -150,10 +150,10 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -163,7 +163,7 @@ val encapsulate /// and an [`MlKem512Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 090dcd204..a3c6321e9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst 
@@ -3,48 +3,50 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 800) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 2) - (sz 1632) - (sz 768) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 2) - (sz 1632) +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (mk_usize 2) + (mk_usize 1632) private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 
800)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (mk_usize 2) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (mk_usize 2) (mk_usize 1632) + (mk_usize 768) (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) + (mk_usize 128) (mk_usize 800) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index c0964f505..8c793c8b9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst index e739bdfa0..05959df41 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst 
@@ -15,35 +15,39 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in + let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) = Libcrux_ml_kem.Mlkem512.generate_key_pair randomness in - rng, hax_temp_output <: (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + rng, hax_temp_output + <: + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) let encapsulate (#impl_277843321_: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in + let 
randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & + t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Mlkem512.encapsulate public_key randomness in rng, hax_temp_output <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti index 16f8cd014..3f98de8bf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti @@ -18,7 +18,8 @@ val generate_key_pair {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + : Prims.Pure + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) @@ -31,9 +32,10 @@ val encapsulate (#impl_277843321_: Type0) {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) (rng: impl_277843321_) : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index 756aaaa67..3fe754e64 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst 
@@ -3,55 +3,57 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) - (sz 768) - (sz 800) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (mk_usize 2) + (mk_usize 768) + (mk_usize 800) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 2) - (sz 1632) - (sz 768) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (mk_usize 2) + (mk_usize 1632) + (mk_usize 768) private_key ciphertext -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (mk_usize 2) + (mk_usize 768) + (mk_usize 1632) + (mk_usize 800) + (mk_usize 768) + (mk_usize 3) + (mk_usize 192) randomness in let _:Prims.unit = admit () (* Panic freedom *) in result let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) = - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = - 
Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (mk_usize 2) (mk_usize 768) (mk_usize 800) + (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320) + (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) public_key randomness in let _:Prims.unit = admit () (* Panic freedom *) in result let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) = - let result:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) - private_key ciphertext + let result:t_Array u8 (mk_usize 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (mk_usize 2) (mk_usize 1632) (mk_usize 768) + (mk_usize 800) (mk_usize 768) (mk_usize 768) (mk_usize 640) (mk_usize 128) (mk_usize 10) + (mk_usize 4) (mk_usize 320) (mk_usize 3) (mk_usize 192) (mk_usize 2) (mk_usize 128) + (mk_usize 800) private_key ciphertext in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index 74ca4c5d2..0f15d014a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti 
@@ -3,44 +3,44 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let v_RANK_512_: usize = sz 2 +let v_RANK_512_: usize = mk_usize 2 let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = - (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 + (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! mk_usize 8 let v_T_AS_NTT_ENCODED_SIZE_512_: usize = ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 +let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = mk_usize 10 let v_C1_BLOCK_SIZE_512_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_ <: usize) /! - sz 8 + mk_usize 8 let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_ -let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 +let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = mk_usize 4 let v_C2_SIZE_512_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_ <: usize) /! - sz 8 + mk_usize 8 let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32 +let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! mk_usize 32 let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ 
@@ -51,39 +51,39 @@ let v_SECRET_KEY_SIZE_512_: usize = usize) +! Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE -let v_ETA1: usize = sz 3 +let v_ETA1: usize = mk_usize 3 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! mk_usize 64 -let v_ETA2: usize = sz 2 +let v_ETA2: usize = mk_usize 2 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! mk_usize 64 let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair /// The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. /// This function returns an [`MlKem512KeyPair`]. 
-val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (ensures fun res -> - let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = res in + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) = res in let (secret_key, public_key), valid = Spec.MLKEM.Instances.mlkem512_generate_keypair randomness in @@ -94,13 +94,16 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = res in + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32)) + = + res + in let (ciphertext, shared_secret), valid = Spec.MLKEM.Instances.mlkem512_encapsulate public_key.f_value randomness in 
@@ -111,13 +114,13 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:t_Array u8 (sz 32) = res in + let res:t_Array u8 (mk_usize 32) = res in let shared_secret, valid = Spec.MLKEM.Instances.mlkem512_decapsulate private_key.f_value ciphertext.f_value in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst index 4718cc7a3..ee03de325 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst 
@@ -12,28 +12,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) public_key serialized in 
@@ -41,30 +41,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair serialized in 
@@ -72,15 +72,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair serialized in 
@@ -88,29 +88,29 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 3) - (sz 2400) - (sz 1152) - (sz 1184) - (sz 1152) - (sz 1152) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1152) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 1152) private_key key_pair in 
@@ -118,72 +118,72 @@ let key_pair_from_private_mut let public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector key_pair <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) in pk let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) + 
Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1152) + (mk_usize 1184) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = generate_key_pair_mut randomness key_pair in 
@@ -191,20 +191,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 7ac606b83..63c57415e 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti @@ -14,22 +14,22 @@ let _ = /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> 
@@ -42,29 +42,29 @@ val serialized_public_key /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires (forall (i: nat). i < 3 ==> 
@@ -78,9 +78,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> 
@@ -92,50 +92,50 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. 
val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) let _ = 
@@ -151,10 +151,10 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -164,7 +164,7 @@ val encapsulate /// and an [`MlKem768Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index f67977469..c6be9c6a0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst 
@@ -3,46 +3,50 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 3) (sz 2400) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (mk_usize 3) + (mk_usize 2400) + private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - 
(randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) - (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index f608cf49f..49dd3763f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst index c00d88015..b4b58e029 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst 
@@ -13,28 +13,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) public_key serialized in 
@@ -42,30 +42,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair serialized in 
@@ -73,15 +73,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair serialized in 
@@ -89,29 +89,29 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 3) - (sz 2400) - (sz 1152) - (sz 1184) - (sz 1152) - (sz 1152) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1152) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 1152) private_key key_pair in 
@@ -119,72 +119,72 @@ let key_pair_from_private_mut let public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector key_pair <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) in pk let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - 
Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1152) + (mk_usize 1184) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) 
Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = generate_key_pair_mut randomness key_pair in @@ -192,20 +192,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 0bf82e31d..0aa06a36b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -15,7 +15,7 @@ let _ = /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -23,7 +23,7 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -31,10 +31,10 @@ val init_public_key: Prims.unit /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> 
@@ -47,29 +47,29 @@ val serialized_public_key /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires (forall (i: nat). i < 3 ==> 
@@ -83,9 +83,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> @@ -97,12 +97,12 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -110,45 +110,45 @@ val key_pair_from_private_mut /// Get the unpacked public key. val public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. 
val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -166,10 +166,10 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -179,7 +179,7 @@ val encapsulate /// and an [`MlKem768Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 217db89fb..2146816c2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst 
@@ -3,46 +3,50 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 3) (sz 2400) private_key +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (mk_usize 3) + (mk_usize 2400) + private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - 
(randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) - (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 8aebfc0f2..358b87259 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst index de49efa0a..6c1019653 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst 
@@ -13,28 +13,28 @@ let _ = () let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () let serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_3__serialized_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) public_key serialized in 
@@ -42,30 +42,30 @@ let serialized_public_key let key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair let key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_private_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) key_pair serialized in 
@@ -73,15 +73,15 @@ let key_pair_serialized_private_key_mut let key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (sz 3) + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key_mut (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair serialized in 
@@ -89,29 +89,29 @@ let key_pair_serialized_public_key_mut let key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__serialized_public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) + (mk_usize 1152) + (mk_usize 1184) key_pair let key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 3) - (sz 2400) - (sz 1152) - (sz 1184) - (sz 1152) - (sz 1152) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1152) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 1152) private_key key_pair in 
@@ -119,72 +119,72 @@ let key_pair_from_private_mut let public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_4__public_key (mk_usize 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector key_pair <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in pk let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + let unpacked_public_key:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector 
= - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1152) + (mk_usize 1184) public_key unpacked_public_key in unpacked_public_key let generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness key_pair in key_pair -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () in - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked 
(mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = generate_key_pair_mut randomness key_pair in @@ -192,20 +192,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = let encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index 89578b57a..edc6849b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -15,7 +15,7 @@ let _ = /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -23,7 +23,7 @@ val init_key_pair: Prims.unit /// Create a new, empty unpacked public key. val init_public_key: Prims.unit -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -31,10 +31,10 @@ val init_public_key: Prims.unit /// Get the serialized public key. val serialized_public_key (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> 
@@ -47,29 +47,29 @@ val serialized_public_key /// Get the serialized private key. val key_pair_serialized_private_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized private key. val key_pair_serialized_private_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) Prims.l_True (fun _ -> Prims.l_True) /// Get the serialized public key. val key_pair_serialized_public_key_mut (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires (forall (i: nat). i < 3 ==> 
@@ -83,9 +83,9 @@ val key_pair_serialized_public_key_mut /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (requires forall (i: nat). i < 3 ==> @@ -97,12 +97,12 @@ val key_pair_serialized_public_key /// Get an unpacked key from a private key. val key_pair_from_private_mut - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) 
@@ -110,45 +110,45 @@ val key_pair_from_private_mut /// Get the unpacked public key. val public_key (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Get the unpacked public key. val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. 
val generate_key_pair_mut - (randomness: t_Array u8 (sz 64)) + (randomness: t_Array u8 (mk_usize 64)) (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair (randomness: t_Array u8 (sz 64)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) @@ -166,10 +166,10 @@ let _ = /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. val encapsulate (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -179,7 +179,7 @@ val encapsulate /// and an [`MlKem768Ciphertext`]. val decapsulate (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (mk_usize 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index ffe9b58f0..2f15dddc1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst 
@@ -3,48 +3,50 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 3) - (sz 2400) +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (mk_usize 3) + (mk_usize 2400) private_key -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness let encapsulate - (public_key: 
Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (mk_usize 3) (mk_usize 1088) + (mk_usize 1184) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) + (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) - (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) - (sz 1120) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (mk_usize 3) (mk_usize 2400) + (mk_usize 1152) (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) + (mk_usize 10) (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) + (mk_usize 128) (mk_usize 1120) private_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 7847d3793..0a688612b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti 
@@ -5,24 +5,24 @@ open FStar.Mul /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate the private key only. /// Returns `true` if valid, and `false` otherwise. -val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair -val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) 
@@ -31,9 +31,9 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) @@ -41,6 +41,6 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst index e5bea331d..e19acdcc9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst 
@@ -15,37 +15,39 @@ let generate_key_pair (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in + let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) = Libcrux_ml_kem.Mlkem768.generate_key_pair randomness in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) let encapsulate (#impl_277843321_: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (rng: impl_277843321_) = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in + let randomness:t_Array u8 
(mk_usize 32) = tmp1 in let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & + t_Array u8 (mk_usize 32)) = Libcrux_ml_kem.Mlkem768.encapsulate public_key randomness in rng, hax_temp_output <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti index a9bea6f7d..f1c2a540e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti @@ -18,7 +18,8 @@ val generate_key_pair {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + : Prims.Pure + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) @@ -31,9 +32,10 @@ val encapsulate (#impl_277843321_: Type0) {| i1: Rand_core.t_RngCore impl_277843321_ |} {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) (rng: impl_277843321_) : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + (impl_277843321_ & + (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 0d24f0dd0..87f2d1812 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst 
@@ -3,55 +3,57 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) - (sz 1152) - (sz 1184) +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (mk_usize 3) + (mk_usize 1152) + (mk_usize 1184) public_key.Libcrux_ml_kem.Types.f_value let validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 3) - (sz 2400) - (sz 1088) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (mk_usize 3) + (mk_usize 2400) + (mk_usize 1088) private_key ciphertext -let generate_key_pair (randomness: t_Array u8 (sz 64)) = - let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) +let generate_key_pair (randomness: t_Array u8 (mk_usize 64)) = + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (mk_usize 3) + (mk_usize 1152) + (mk_usize 2400) + (mk_usize 1184) + (mk_usize 1152) + (mk_usize 2) + (mk_usize 128) randomness in let _:Prims.unit = admit () (* Panic freedom *) in result let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) = - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = - 
Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (mk_usize 3) (mk_usize 1088) (mk_usize 1184) + (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) (mk_usize 4) (mk_usize 320) + (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) public_key randomness in let _:Prims.unit = admit () (* Panic freedom *) in result let decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) = - let result:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) - private_key ciphertext + let result:t_Array u8 (mk_usize 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (mk_usize 3) (mk_usize 2400) (mk_usize 1152) + (mk_usize 1184) (mk_usize 1088) (mk_usize 1152) (mk_usize 960) (mk_usize 128) (mk_usize 10) + (mk_usize 4) (mk_usize 320) (mk_usize 2) (mk_usize 128) (mk_usize 2) (mk_usize 128) + (mk_usize 1120) private_key ciphertext in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index 2a2e96421..e73837a1b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti 
@@ -3,44 +3,44 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul -let v_RANK_768_: usize = sz 3 +let v_RANK_768_: usize = mk_usize 3 let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = - (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 + (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! mk_usize 8 let v_T_AS_NTT_ENCODED_SIZE_768_: usize = ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10 +let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = mk_usize 10 let v_C1_BLOCK_SIZE_768_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_768_ <: usize) /! - sz 8 + mk_usize 8 let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *! v_RANK_768_ -let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4 +let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = mk_usize 4 let v_C2_SIZE_768_: usize = (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_768_ <: usize) /! - sz 8 + mk_usize 8 let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT <: usize) /! - sz 8 + mk_usize 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! sz 32 +let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! mk_usize 32 let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ 
@@ -51,39 +51,39 @@ let v_SECRET_KEY_SIZE_768_: usize = usize) +! Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE -let v_ETA1: usize = sz 2 +let v_ETA1: usize = mk_usize 2 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! mk_usize 64 -let v_ETA2: usize = sz 2 +let v_ETA2: usize = mk_usize 2 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! mk_usize 64 let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a private key. /// Returns `true` if valid, and `false` otherwise. val validate_private_key - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. /// This function returns an [`MlKem768KeyPair`]. 
-val generate_key_pair (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) +val generate_key_pair (randomness: t_Array u8 (mk_usize 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (ensures fun res -> - let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = res in + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) = res in let (secret_key, public_key), valid = Spec.MLKEM.Instances.mlkem768_generate_keypair randomness in @@ -94,13 +94,16 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) + (randomness: t_Array u8 (mk_usize 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = res in + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32) + ) = + res + in let (ciphertext, shared_secret), valid = Spec.MLKEM.Instances.mlkem768_encapsulate public_key.f_value randomness in 
@@ -111,13 +114,13 @@ val encapsulate /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. val decapsulate - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (mk_usize 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088)) + : Prims.Pure (t_Array u8 (mk_usize 32)) Prims.l_True (ensures fun res -> - let res:t_Array u8 (sz 32) = res in + let res:t_Array u8 (mk_usize 32) = res in let shared_secret, valid = Spec.MLKEM.Instances.mlkem768_decapsulate private_key.f_value ciphertext.f_value in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 851e27bf5..79df0d16e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -24,8 +24,8 @@ let ntt_at_layer_1_ let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -47,7 +47,7 @@ let ntt_at_layer_1_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) 
@@ -65,16 +65,16 @@ let ntt_at_layer_1_ #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 1 <: usize) <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 2 <: usize) <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 3 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 2 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 3 <: usize) <: i16) <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in - let zeta_i:usize = zeta_i +! sz 3 in + let zeta_i:usize = zeta_i +! mk_usize 3 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) @@ -105,8 +105,8 @@ let ntt_at_layer_2_ let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -128,7 +128,7 @@ let ntt_at_layer_2_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) 
@@ -146,14 +146,14 @@ let ntt_at_layer_2_ #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.zeta zeta_i <: i16) - (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! sz 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.zeta (zeta_i +! mk_usize 1 <: usize) <: i16) <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) @@ -184,8 +184,8 @@ let ntt_at_layer_3_ let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ @@ -207,7 +207,7 @@ let ntt_at_layer_3_ temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in + let zeta_i:usize = zeta_i +! mk_usize 1 in let _:Prims.unit = reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) (Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) @@ -274,11 +274,11 @@ let ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) = - let step:usize = sz 1 <>! layer <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 128 >>! layer <: usize) (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ 
@@ -291,10 +291,10 @@ let ntt_at_layer_4_plus temp_0_ in let round:usize = round in - let zeta_i:usize = zeta_i +! sz 1 in - let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! sz 16 in - let step_vec:usize = step /! sz 16 in + let zeta_i:usize = zeta_i +! mk_usize 1 in + let offset:usize = (round *! step <: usize) *! mk_usize 2 in + let offset_vec:usize = offset /! mk_usize 16 in + let step_vec:usize = step /! mk_usize 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range offset_vec (offset_vec +! step_vec <: usize) @@ -357,10 +357,10 @@ let ntt_at_layer_7_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in + let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! mk_usize 2 in let _:Prims.unit = assert (v step == 8) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) step (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -378,7 +378,7 @@ let ntt_at_layer_7_ Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step <: usize ] <: v_Vector) - (-1600s) + (mk_i16 (-1600)) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { 
@@ -434,39 +434,52 @@ let ntt_binomially_sampled_ring_element let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = ntt_at_layer_7_ #v_Vector re in - let zeta_i:usize = sz 1 in + let zeta_i:usize = mk_usize 1 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 11207) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 6) (mk_usize 11207) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 11207 +! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 5) (mk_usize 11207 +! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 11207 +! (sz 2 *! sz 3328 <: usize) <: usize) + ntt_at_layer_4_plus #v_Vector + zeta_i + re + (mk_usize 4) + (mk_usize 11207 +! (mk_usize 2 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 11207 +! (sz 3 *! sz 3328 <: usize) <: usize) + ntt_at_layer_3_ #v_Vector + zeta_i + re + (mk_usize 11207 +! (mk_usize 3 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 11207 +! (sz 4 *! 
sz 3328 <: usize) <: usize) + ntt_at_layer_2_ #v_Vector + zeta_i + re + (mk_usize 11207 +! (mk_usize 4 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 11207 +! (sz 5 *! sz 3328 <: usize) <: usize) + ntt_at_layer_1_ #v_Vector + zeta_i + re + (mk_usize 11207 +! (mk_usize 5 *! mk_usize 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in 
@@ -492,45 +505,45 @@ let ntt_vector_u Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let zeta_i:usize = sz 0 in + let zeta_i:usize = mk_usize 0 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 7) (mk_usize 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 2 *! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 6) (mk_usize 2 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3 *! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 5) (mk_usize 3 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 4 *! sz 3328 <: usize) + ntt_at_layer_4_plus #v_Vector zeta_i re (mk_usize 4) (mk_usize 4 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 5 *! sz 3328 <: usize) + ntt_at_layer_3_ #v_Vector zeta_i re (mk_usize 5 *! 
mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 6 *! sz 3328 <: usize) + ntt_at_layer_2_ #v_Vector zeta_i re (mk_usize 6 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 7 *! sz 3328 <: usize) + ntt_at_layer_1_ #v_Vector zeta_i re (mk_usize 7 *! mk_usize 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 547dfca90..5dc7c8894 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -61,7 +61,7 @@ let v_ZERO () <: v_Vector) - (sz 16) + (mk_usize 16) } <: t_PolynomialRingElement v_Vector @@ -75,7 +75,7 @@ let from_i16_array = let result:t_PolynomialRingElement v_Vector = v_ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun result temp_1_ -> let result:t_PolynomialRingElement v_Vector = result in 
@@ -94,8 +94,8 @@ let from_i16_array (Libcrux_ml_kem.Vector.Traits.f_from_i16_array #v_Vector #FStar.Tactics.Typeclasses.solve (a.[ { - Core.Ops.Range.f_start = i *! sz 16 <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! sz 16 <: usize + Core.Ops.Range.f_start = i *! mk_usize 16 <: usize; + Core.Ops.Range.f_end = (i +! mk_usize 1 <: usize) *! mk_usize 16 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -104,7 +104,7 @@ let from_i16_array <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) @@ -122,7 +122,7 @@ let add_to_ring_element (myself rhs: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #v_Vector (myself.f_coefficients <: t_Slice v_Vector) <: usize) (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in @@ -145,7 +145,7 @@ let add_to_ring_element <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) @@ -164,7 +164,7 @@ let poly_barrett_reduce (myself: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in @@ -186,7 +186,7 @@ let poly_barrett_reduce <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) @@ -205,7 +205,7 @@ let subtract_reduce (myself b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun b temp_1_ -> let b:t_PolynomialRingElement v_Vector = b in 
@@ -219,7 +219,7 @@ let subtract_reduce Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (b.f_coefficients.[ i ] <: v_Vector) - 1441s + (mk_i16 1441) in let b:t_PolynomialRingElement v_Vector = { @@ -258,7 +258,7 @@ let add_message_error_reduce (myself message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun result temp_1_ -> let result:t_PolynomialRingElement v_Vector = result in @@ -272,7 +272,7 @@ let add_message_error_reduce Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (result.f_coefficients.[ i ] <: v_Vector) - 1441s + (mk_i16 1441) in let tmp:v_Vector = Libcrux_ml_kem.Vector.Traits.f_add #v_Vector @@ -318,7 +318,7 @@ let add_error_reduce (myself error: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in @@ -332,7 +332,7 @@ let add_error_reduce Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve (myself.f_coefficients.[ j ] <: v_Vector) - 1441s + (mk_i16 1441) in let myself:t_PolynomialRingElement v_Vector = { @@ -371,7 +371,7 @@ let add_standard_error_reduce (myself error: t_PolynomialRingElement v_Vector) = let myself:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun myself temp_1_ -> let myself:t_PolynomialRingElement v_Vector = myself in 
@@ -423,7 +423,7 @@ let ntt_multiply = let out:t_PolynomialRingElement v_Vector = v_ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_VECTORS_IN_RING_ELEMENT (fun out temp_1_ -> let out:t_PolynomialRingElement v_Vector = out in @@ -443,14 +443,23 @@ let ntt_multiply #FStar.Tactics.Typeclasses.solve (myself.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) - (zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16) - (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16) - (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16) - (zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16) + (zeta (mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) <: i16) + (zeta ((mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) +! mk_usize 1 <: usize + ) + <: + i16) + (zeta ((mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) +! mk_usize 2 <: usize + ) + <: + i16) + (zeta ((mk_usize 64 +! (mk_usize 4 *! i <: usize) <: usize) +! mk_usize 3 <: usize + ) + <: + i16) <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: t_PolynomialRingElement v_Vector) @@ -474,7 +483,7 @@ let impl_2__ZERO () <: v_Vector) - (sz 16) + (mk_usize 16) } <: t_PolynomialRingElement v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 703ae891c..474e3efe1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti 
@@ -9,21 +9,30 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = +let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (mk_usize 128) = let _:Prims.unit = assert_norm (pow2 16 == 65536) in let list = [ - (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; - 962s; (-1202s); (-1474s); 1468s; 573s; (-1325s); 264s; 383s; (-829s); 1458s; (-1602s); (-130s); - (-681s); 1017s; 732s; 608s; (-1542s); 411s; (-205s); (-1571s); 1223s; 652s; (-552s); 1015s; - (-1293s); 1491s; (-282s); (-1544s); 516s; (-8s); (-320s); (-666s); (-1618s); (-1162s); 126s; - 1469s; (-853s); (-90s); (-271s); 830s; 107s; (-1421s); (-247s); (-951s); (-398s); 961s; - (-1508s); (-725s); 448s; (-1065s); 677s; (-1275s); (-1103s); 430s; 555s; 843s; (-1251s); 871s; - 1550s; 105s; 422s; 587s; 177s; (-235s); (-291s); (-460s); 1574s; 1653s; (-246s); 778s; 1159s; - (-147s); (-777s); 1483s; (-602s); 1119s; (-1590s); 644s; (-872s); 349s; 418s; 329s; (-156s); - (-75s); 817s; 1097s; 603s; 610s; 1322s; (-1285s); (-1465s); 384s; (-1215s); (-136s); 1218s; - (-1335s); (-874s); 220s; (-1187s); (-1659s); (-1185s); (-1530s); (-1278s); 794s; (-1510s); - (-854s); (-870s); 478s; (-108s); (-308s); 996s; 991s; 958s; (-1460s); 1522s; 1628s + mk_i16 (-1044); mk_i16 (-758); mk_i16 (-359); mk_i16 (-1517); mk_i16 1493; mk_i16 1422; + mk_i16 287; mk_i16 202; mk_i16 (-171); mk_i16 622; mk_i16 1577; mk_i16 182; mk_i16 962; + mk_i16 (-1202); mk_i16 (-1474); mk_i16 1468; mk_i16 573; mk_i16 (-1325); mk_i16 264; + mk_i16 383; mk_i16 (-829); mk_i16 1458; mk_i16 (-1602); mk_i16 (-130); mk_i16 (-681); + mk_i16 1017; mk_i16 732; mk_i16 608; mk_i16 (-1542); mk_i16 411; mk_i16 (-205); mk_i16 (-1571); + mk_i16 1223; mk_i16 652; mk_i16 (-552); mk_i16 1015; mk_i16 (-1293); mk_i16 1491; + mk_i16 (-282); mk_i16 (-1544); mk_i16 516; mk_i16 (-8); mk_i16 (-320); mk_i16 (-666); + mk_i16 (-1618); mk_i16 (-1162); mk_i16 126; mk_i16 1469; mk_i16 (-853); mk_i16 (-90); + 
mk_i16 (-271); mk_i16 830; mk_i16 107; mk_i16 (-1421); mk_i16 (-247); mk_i16 (-951); + mk_i16 (-398); mk_i16 961; mk_i16 (-1508); mk_i16 (-725); mk_i16 448; mk_i16 (-1065); + mk_i16 677; mk_i16 (-1275); mk_i16 (-1103); mk_i16 430; mk_i16 555; mk_i16 843; mk_i16 (-1251); + mk_i16 871; mk_i16 1550; mk_i16 105; mk_i16 422; mk_i16 587; mk_i16 177; mk_i16 (-235); + mk_i16 (-291); mk_i16 (-460); mk_i16 1574; mk_i16 1653; mk_i16 (-246); mk_i16 778; mk_i16 1159; + mk_i16 (-147); mk_i16 (-777); mk_i16 1483; mk_i16 (-602); mk_i16 1119; mk_i16 (-1590); + mk_i16 644; mk_i16 (-872); mk_i16 349; mk_i16 418; mk_i16 329; mk_i16 (-156); mk_i16 (-75); + mk_i16 817; mk_i16 1097; mk_i16 603; mk_i16 610; mk_i16 1322; mk_i16 (-1285); mk_i16 (-1465); + mk_i16 384; mk_i16 (-1215); mk_i16 (-136); mk_i16 1218; mk_i16 (-1335); mk_i16 (-874); + mk_i16 220; mk_i16 (-1187); mk_i16 (-1659); mk_i16 (-1185); mk_i16 (-1530); mk_i16 (-1278); + mk_i16 794; mk_i16 (-1510); mk_i16 (-854); mk_i16 (-870); mk_i16 478; mk_i16 (-108); + mk_i16 (-308); mk_i16 996; mk_i16 991; mk_i16 958; mk_i16 (-1460); mk_i16 1522; mk_i16 1628 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); @@ -31,7 +40,7 @@ let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = val zeta (i: usize) : Prims.Pure i16 - (requires i <. sz 128) + (requires i <. mk_usize 128) (ensures fun result -> let result:i16 = result in @@ -43,7 +52,7 @@ let v_VECTORS_IN_RING_ELEMENT: usize = type t_PolynomialRingElement (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { f_coefficients:t_Array v_Vector (sz 16) } + = { f_coefficients:t_Array v_Vector (mk_usize 16) } let to_spec_poly_t (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} 
@@ -86,7 +95,8 @@ val from_i16_array (a: t_Slice i16) : Prims.Pure (t_PolynomialRingElement v_Vector) (requires - (v_VECTORS_IN_RING_ELEMENT *! sz 16 <: usize) <=. (Core.Slice.impl__len #i16 a <: usize)) + (v_VECTORS_IN_RING_ELEMENT *! mk_usize 16 <: usize) <=. + (Core.Slice.impl__len #i16 a <: usize)) (fun _ -> Prims.l_True) /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise @@ -211,5 +221,6 @@ val impl_2__from_i16_array (a: t_Slice i16) : Prims.Pure (t_PolynomialRingElement v_Vector) (requires - (v_VECTORS_IN_RING_ELEMENT *! sz 16 <: usize) <=. (Core.Slice.impl__len #i16 a <: usize)) + (v_VECTORS_IN_RING_ELEMENT *! mk_usize 16 <: usize) <=. + (Core.Slice.impl__len #i16 a <: usize)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 5029a388d..8dc7807f5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst 
@@ -18,35 +18,39 @@ let sample_from_uniform_distribution_next Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) - (out: t_Array (t_Array i16 (sz 272)) v_K) + (out: t_Array (t_Array i16 (mk_usize 272)) v_K) = - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun temp_0_ temp_1_ -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & + t_Array usize v_K) = temp_0_ in let _:usize = temp_1_ in true) - (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (out, sampled_coefficients <: (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & + t_Array usize v_K) = temp_0_ in let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) - (v_N /! sz 24 <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (v_N /! 
mk_usize 24 <: usize) (fun temp_0_ temp_1_ -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) = temp_0_ in let _:usize = temp_1_ in true) - (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (out, sampled_coefficients + <: + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> - let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + let out, sampled_coefficients:(t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) = temp_0_ in 
@@ -61,41 +65,43 @@ let sample_from_uniform_distribution_next Libcrux_ml_kem.Vector.Traits.f_rej_sample #v_Vector #FStar.Tactics.Typeclasses.solve ((randomness.[ i ] <: t_Array u8 v_N).[ { - Core.Ops.Range.f_start = r *! sz 24 <: usize; - Core.Ops.Range.f_end = (r *! sz 24 <: usize) +! sz 24 <: usize + Core.Ops.Range.f_start = r *! mk_usize 24 <: usize; + Core.Ops.Range.f_end + = + (r *! mk_usize 24 <: usize) +! mk_usize 24 <: usize } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) - ((out.[ i ] <: t_Array i16 (sz 272)).[ { + ((out.[ i ] <: t_Array i16 (mk_usize 272)).[ { Core.Ops.Range.f_start = sampled_coefficients.[ i ] <: usize; Core.Ops.Range.f_end = - (sampled_coefficients.[ i ] <: usize) +! sz 16 <: usize + (sampled_coefficients.[ i ] <: usize) +! mk_usize 16 <: usize } <: Core.Ops.Range.t_Range usize ] <: t_Slice i16) in - let out:t_Array (t_Array i16 (sz 272)) v_K = + let out:t_Array (t_Array i16 (mk_usize 272)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i (Rust_primitives.Hax.Monomorphized_update_at.update_at_range (out.[ i ] <: - t_Array i16 (sz 272)) + t_Array i16 (mk_usize 272)) ({ Core.Ops.Range.f_start = sampled_coefficients.[ i ] <: usize; Core.Ops.Range.f_end = - (sampled_coefficients.[ i ] <: usize) +! sz 16 <: usize + (sampled_coefficients.[ i ] <: usize) +! mk_usize 16 <: usize } <: Core.Ops.Range.t_Range usize) tmp0 <: - t_Array i16 (sz 272)) + t_Array i16 (mk_usize 272)) in let sampled:usize = out1 in let sampled_coefficients:t_Array usize v_K = 
@@ -105,17 +111,17 @@ let sample_from_uniform_distribution_next in out, sampled_coefficients <: - (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K) else out, sampled_coefficients <: - (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) <: - (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) + (t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K)) in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun temp_0_ temp_1_ -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -142,7 +148,7 @@ let sample_from_uniform_distribution_next let hax_temp_output:bool = done in sampled_coefficients, out, hax_temp_output <: - (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) + (t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) #push-options "--admit_smt_queries true" 
@@ -155,13 +161,16 @@ let sample_from_xof (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (seeds: t_Array (t_Array u8 (sz 34)) v_K) + (seeds: t_Array (t_Array u8 (mk_usize 34)) v_K) = let (sampled_coefficients: t_Array usize v_K):t_Array usize v_K = - Rust_primitives.Hax.repeat (sz 0) v_K + Rust_primitives.Hax.repeat (mk_usize 0) v_K in - let (out: t_Array (t_Array i16 (sz 272)) v_K):t_Array (t_Array i16 (sz 272)) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K + let (out: t_Array (t_Array i16 (mk_usize 272)) v_K):t_Array (t_Array i16 (mk_usize 272)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 272) + <: + t_Array i16 (mk_usize 272)) + v_K in let xof_state:v_Hasher = Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb_final #v_Hasher 
@@ -169,25 +178,31 @@ let sample_from_xof #FStar.Tactics.Typeclasses.solve seeds in - let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) = + let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (mk_usize 504)) v_K) = Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_first_three_blocks #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve xof_state in let xof_state:v_Hasher = tmp0 in - let randomness:t_Array (t_Array u8 (sz 504)) v_K = out1 in - let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = - sample_from_uniform_distribution_next #v_Vector v_K (sz 504) randomness sampled_coefficients out + let randomness:t_Array (t_Array u8 (mk_usize 504)) v_K = out1 in + let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) = + sample_from_uniform_distribution_next #v_Vector + v_K + (mk_usize 504) + randomness + sampled_coefficients + out in let sampled_coefficients:t_Array usize v_K = tmp0 in - let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in + let out:t_Array (t_Array i16 (mk_usize 272)) v_K = tmp1 in let done:bool = out1 in - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = Rust_primitives.f_while_loop (fun temp_0_ -> - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & + t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = temp_0_ 
@@ -195,44 +210,46 @@ let sample_from_xof ~.done <: bool) (done, out, sampled_coefficients, xof_state <: - (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) + (bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher)) (fun temp_0_ -> - let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (sz 272)) v_K & + let done, out, sampled_coefficients, xof_state:(bool & + t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = temp_0_ in - let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) = + let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (mk_usize 168)) v_K) = Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_next_block #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve xof_state in let xof_state:v_Hasher = tmp0 in - let randomness:t_Array (t_Array u8 (sz 168)) v_K = out1 in - let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = + let randomness:t_Array (t_Array u8 (mk_usize 168)) v_K = out1 in + let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) + = sample_from_uniform_distribution_next #v_Vector v_K - (sz 168) + (mk_usize 168) randomness sampled_coefficients out in let sampled_coefficients:t_Array usize v_K = tmp0 in - let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in + let out:t_Array (t_Array i16 (mk_usize 272)) v_K = tmp1 in let done:bool = out1 in done, out, sampled_coefficients, xof_state <: - (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) + (bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher)) in - Core.Array.impl_23__map #(t_Array i16 (sz 272)) + Core.Array.impl_23__map #(t_Array i16 (mk_usize 272)) v_K #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) out (fun s -> - let s:t_Array i16 (sz 272) = s in + let s:t_Array i16 (mk_usize 272) = s in Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector - (s.[ { 
Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 } + (s.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 256 } <: Core.Ops.Range.t_Range usize ] <: 
@@ -255,51 +272,55 @@ let sample_from_binomial_distribution_2_ assert (v (sz 2 *! sz 64) == 128); assert (Seq.length randomness == 128) in - let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in - let sampled_i16s:t_Array i16 (sz 256) = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 256) + in + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 4) randomness (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:usize = temp_1_ in true) sampled_i16s (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u32: u32):u32 = - (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. - ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in + let even_bits:u32 = random_bits_as_u32 &. mk_u32 1431655765 in + let odd_bits:u32 = (random_bits_as_u32 >>! mk_i32 1 <: u32) &. mk_u32 1431655765 in let _:Prims.unit = logand_lemma random_bits_as_u32 (mk_u32 1431655765); logand_lemma (random_bits_as_u32 >>! (mk_i32 1)) (mk_u32 1431655765) in let coin_toss_outcomes:u32 = even_bits +! 
odd_bits in - Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Rust_primitives.Hax.Folds.fold_range_step_by (mk_u32 0) Core.Num.impl__u32__BITS - (sz 4) + (mk_usize 4) (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:u32 = temp_1_ in true) sampled_i16s (fun sampled_i16s outcome_set -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let outcome_set:u32 = outcome_set in let outcome_1_:i16 = - cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i16 + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. mk_u32 3 <: u32) <: i16 in let outcome_2_:i16 = - cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) + cast ((coin_toss_outcomes >>! (outcome_set +! mk_u32 2 <: u32) <: u32) &. mk_u32 3 + <: + u32) <: i16 in @@ -313,10 +334,10 @@ let sample_from_binomial_distribution_2_ assert (v (sz 8 *! chunk_number <: usize) <= 248); assert (v (cast (outcome_set >>! (mk_i32 2) <: u32) <: usize) <= 7) in - let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in - let sampled_i16s:t_Array i16 (sz 256) = + let offset:usize = cast (outcome_set >>! mk_i32 2 <: u32) <: usize in + let sampled_i16s:t_Array i16 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s - ((sz 8 *! chunk_number <: usize) +! offset <: usize) + ((mk_usize 8 *! chunk_number <: usize) +! offset <: usize) (outcome_1_ -! outcome_2_ <: i16) in sampled_i16s)) 
@@ -338,50 +359,54 @@ let sample_from_binomial_distribution_3_ assert (v (sz 3 *! sz 64) == 192); assert (Seq.length randomness == 192) in - let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in - let sampled_i16s:t_Array i16 (sz 256) = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 256) + in + let sampled_i16s:t_Array i16 (mk_usize 256) = + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 3) randomness (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:usize = temp_1_ in true) sampled_i16s (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u24: u32):u32 = - ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. - ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in - let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in + let first_bits:u32 = random_bits_as_u24 &. mk_u32 2396745 in + let second_bits:u32 = (random_bits_as_u24 >>! mk_i32 1 <: u32) &. mk_u32 2396745 in + let third_bits:u32 = (random_bits_as_u24 >>! mk_i32 2 <: u32) &. mk_u32 2396745 in let _:Prims.unit = logand_lemma random_bits_as_u24 (mk_u32 2396745); logand_lemma (random_bits_as_u24 >>! (mk_i32 1) <: u32) (mk_u32 2396745); logand_lemma (random_bits_as_u24 >>! (mk_i32 2) <: u32) (mk_u32 2396745) in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! 
third_bits in - Rust_primitives.Hax.Folds.fold_range_step_by 0l - 24l - (sz 6) + Rust_primitives.Hax.Folds.fold_range_step_by (mk_i32 0) + (mk_i32 24) + (mk_usize 6) (fun sampled_i16s temp_1_ -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let _:i32 = temp_1_ in true) sampled_i16s (fun sampled_i16s outcome_set -> - let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in let outcome_set:i32 = outcome_set in let outcome_1_:i16 = - cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i16 + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. mk_u32 7 <: u32) <: i16 in let outcome_2_:i16 = - cast ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32) + cast ((coin_toss_outcomes >>! (outcome_set +! mk_i32 3 <: i32) <: u32) &. mk_u32 7 + <: + u32) <: i16 in @@ -395,10 +420,10 @@ let sample_from_binomial_distribution_3_ assert (v (sz 4 *! chunk_number <: usize) <= 252); assert (v (cast (outcome_set /! (mk_i32 6) <: i32) <: usize) <= 3) in - let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in - let sampled_i16s:t_Array i16 (sz 256) = + let offset:usize = cast (outcome_set /! mk_i32 6 <: i32) <: usize in + let sampled_i16s:t_Array i16 (mk_usize 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s - ((sz 4 *! chunk_number <: usize) +! offset <: usize) + ((mk_usize 4 *! chunk_number <: usize) +! offset <: usize) (outcome_1_ -! outcome_2_ <: i16) in sampled_i16s)) 
@@ -418,8 +443,8 @@ let sample_from_binomial_distribution let _:Prims.unit = assert ((v (cast v_ETA <: u32) == 2) \/ (v (cast v_ETA <: u32) == 3)) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = match cast (v_ETA <: usize) <: u32 with - | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness - | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness + | Rust_primitives.Integers.MkInt 2 -> sample_from_binomial_distribution_2_ #v_Vector randomness + | Rust_primitives.Integers.MkInt 3 -> sample_from_binomial_distribution_3_ #v_Vector randomness | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index ecaa33053..a1d36d0f0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -49,8 +49,8 @@ val sample_from_uniform_distribution_next {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) - (out: t_Array (t_Array i16 (sz 272)) v_K) - : Prims.Pure (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) + (out: t_Array (t_Array i16 (mk_usize 272)) v_K) + : Prims.Pure (t_Array usize v_K & t_Array (t_Array i16 (mk_usize 272)) v_K & bool) Prims.l_True (fun _ -> Prims.l_True) @@ -59,7 +59,7 @@ val sample_from_xof (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (seeds: t_Array (t_Array u8 (sz 34)) v_K) + (seeds: t_Array (t_Array u8 (mk_usize 34)) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) Prims.l_True (fun _ -> Prims.l_True) 
@@ -107,7 +107,8 @@ val sample_from_binomial_distribution_2_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 2 *! sz 64 <: usize)) + (requires + (Core.Slice.impl__len #u8 randomness <: usize) =. (mk_usize 2 *! mk_usize 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_binomial_distribution_3_ @@ -115,7 +116,8 @@ val sample_from_binomial_distribution_3_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 3 *! sz 64 <: usize)) + (requires + (Core.Slice.impl__len #u8 randomness <: usize) =. (mk_usize 3 *! mk_usize 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_binomial_distribution @@ -125,8 +127,8 @@ val sample_from_binomial_distribution (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires - (v_ETA =. sz 2 || v_ETA =. sz 3) && - (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! sz 64 <: usize)) + (v_ETA =. mk_usize 2 || v_ETA =. mk_usize 3) && + (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! mk_usize 64 <: usize)) (ensures fun result -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 6948d9108..4126df24b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst 
@@ -28,17 +28,17 @@ let compress_then_serialize_message Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let serialized:t_Array u8 (sz 32) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let serialized:t_Array u8 (mk_usize 32) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun serialized i -> - let serialized:t_Array u8 (sz 32) = serialized in + let serialized:t_Array u8 (mk_usize 32) = serialized in let i:usize = i in v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> - let serialized:t_Array u8 (sz 32) = serialized in + let serialized:t_Array u8 (mk_usize 32) = serialized in let i:usize = i in let _:Prims.unit = assert (2 * v i + 2 <= 32) in let _:Prims.unit = 
@@ -54,23 +54,23 @@ let compress_then_serialize_message #FStar.Tactics.Typeclasses.solve coefficient in - let bytes:t_Array u8 (sz 2) = + let bytes:t_Array u8 (mk_usize 2) = Libcrux_ml_kem.Vector.Traits.f_serialize_1_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient_compressed in - let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 2 *! i <: usize; - Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + Core.Ops.Range.f_start = mk_usize 2 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 2 *! i <: usize) +! mk_usize 2 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 2 *! i <: usize; - Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + Core.Ops.Range.f_start = mk_usize 2 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 2 *! i <: usize) +! mk_usize 2 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -82,7 +82,7 @@ let compress_then_serialize_message in serialized) in - let result:t_Array u8 (sz 32) = serialized in + let result:t_Array u8 (mk_usize 32) = serialized in let _:Prims.unit = admit () (* Panic freedom *) in result @@ -91,14 +91,14 @@ let deserialize_then_decompress_message (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (serialized: t_Array u8 (sz 32)) + (serialized: t_Array u8 (mk_usize 32)) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 16) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + (mk_usize 16) (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in 
@@ -111,8 +111,8 @@ let deserialize_then_decompress_message Libcrux_ml_kem.Vector.Traits.f_deserialize_1_ #v_Vector #FStar.Tactics.Typeclasses.solve (serialized.[ { - Core.Ops.Range.f_start = sz 2 *! i <: usize; - Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize + Core.Ops.Range.f_start = mk_usize 2 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 2 *! i <: usize) +! mk_usize 2 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -148,17 +148,17 @@ let serialize_uncompressed_ring_element (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = assert_norm (pow2 12 == 4096) in - let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in - let serialized:t_Array u8 (sz 384) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let serialized:t_Array u8 (mk_usize 384) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 384) in + let serialized:t_Array u8 (mk_usize 384) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> - let serialized:t_Array u8 (sz 384) = serialized in + let serialized:t_Array u8 (mk_usize 384) = serialized in let i:usize = i in v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> - let serialized:t_Array u8 (sz 384) = serialized in + let serialized:t_Array u8 (mk_usize 384) = serialized in let i:usize = i in let _:Prims.unit = assert (24 * v i + 24 <= 384) in let _:Prims.unit = 
@@ -169,23 +169,23 @@ let serialize_uncompressed_ring_element to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) in - let bytes:t_Array u8 (sz 24) = + let bytes:t_Array u8 (mk_usize 24) = Libcrux_ml_kem.Vector.Traits.f_serialize_12_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient in - let serialized:t_Array u8 (sz 384) = + let serialized:t_Array u8 (mk_usize 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 24 *! i <: usize; - Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize + Core.Ops.Range.f_start = mk_usize 24 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 24 *! i <: usize) +! mk_usize 24 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 24 *! i <: usize; - Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize + Core.Ops.Range.f_start = mk_usize 24 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 24 *! i <: usize) +! mk_usize 24 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -197,7 +197,7 @@ let serialize_uncompressed_ring_element in serialized) in - let result:t_Array u8 (sz 384) = serialized in + let result:t_Array u8 (mk_usize 384) = serialized in let _:Prims.unit = admit () (* Panic freedom *) in result @@ -213,7 +213,7 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 24) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -236,7 +236,7 @@ let deserialize_to_uncompressed_ring_element <: v_Vector) <: - t_Array v_Vector (sz 16) + t_Array v_Vector (mk_usize 16) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) 
@@ -257,7 +257,7 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 24) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -369,9 +369,9 @@ let compress_then_serialize_10_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = assert_norm (pow2 10 == 1024) in - let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -389,13 +389,13 @@ let compress_then_serialize_10_ let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 10l + (mk_i32 10) (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 20) = + let bytes:t_Array u8 (mk_usize 20) = Libcrux_ml_kem.Vector.Traits.f_serialize_10_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient 
@@ -403,15 +403,15 @@ let compress_then_serialize_10_ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 20 *! i <: usize; - Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize + Core.Ops.Range.f_start = mk_usize 20 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 20 *! i <: usize) +! mk_usize 20 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 20 *! i <: usize; - Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize + Core.Ops.Range.f_start = mk_usize 20 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 20 *! i <: usize) +! mk_usize 20 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -437,9 +437,9 @@ let compress_then_serialize_11_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized temp_1_ -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -452,13 +452,13 @@ let compress_then_serialize_11_ let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 11l + (mk_i32 11) (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 22) = + let bytes:t_Array u8 (mk_usize 22) = Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient 
@@ -466,15 +466,15 @@ let compress_then_serialize_11_ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 22 *! i <: usize; - Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize + Core.Ops.Range.f_start = mk_usize 22 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 22 *! i <: usize) +! mk_usize 22 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 22 *! i <: usize; - Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize + Core.Ops.Range.f_start = mk_usize 22 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 22 *! i <: usize) +! mk_usize 22 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -504,8 +504,8 @@ let compress_then_serialize_ring_element_u in let result:t_Array u8 v_OUT_LEN = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re - | 11ul -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re + | Rust_primitives.Integers.MkInt 10 -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re + | Rust_primitives.Integers.MkInt 11 -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -525,7 +525,7 @@ let compress_then_serialize_4_ = let _:Prims.unit = assert_norm (pow2 4 == 16) in let serialized, result:(t_Slice u8 & Prims.unit) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> let serialized:t_Slice u8 = serialized in 
@@ -544,13 +544,13 @@ let compress_then_serialize_4_ let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 4l + (mk_i32 4) (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 8) = + let bytes:t_Array u8 (mk_usize 8) = Libcrux_ml_kem.Vector.Traits.f_serialize_4_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficient @@ -558,15 +558,15 @@ let compress_then_serialize_4_ let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 8 *! i <: usize; - Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize + Core.Ops.Range.f_start = mk_usize 8 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 8 *! i <: usize) +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 8 *! i <: usize; - Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize + Core.Ops.Range.f_start = mk_usize 8 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 8 *! i <: usize) +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -596,7 +596,7 @@ let compress_then_serialize_5_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in 
@@ -609,13 +609,13 @@ let compress_then_serialize_5_ let coefficients:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve - 5l + (mk_i32 5) (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 10) = + let bytes:t_Array u8 (mk_usize 10) = Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #v_Vector #FStar.Tactics.Typeclasses.solve coefficients @@ -623,15 +623,15 @@ let compress_then_serialize_5_ let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ - Core.Ops.Range.f_start = sz 10 *! i <: usize; - Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize + Core.Ops.Range.f_start = mk_usize 10 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 10 *! i <: usize) +! mk_usize 10 <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (serialized.[ { - Core.Ops.Range.f_start = sz 10 *! i <: usize; - Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize + Core.Ops.Range.f_start = mk_usize 10 *! i <: usize; + Core.Ops.Range.f_end = (mk_usize 10 *! i <: usize) +! mk_usize 10 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -662,8 +662,10 @@ let compress_then_serialize_ring_element_v in let out, result:(t_Slice u8 & Prims.unit) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) - | 5ul -> compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) + | Rust_primitives.Integers.MkInt 4 -> + compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) + | Rust_primitives.Integers.MkInt 5 -> + compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) | _ -> out, Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
@@ -691,7 +693,7 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 20) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -716,7 +718,7 @@ let deserialize_then_decompress_10_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 10l + (mk_i32 10) coefficient <: v_Vector) @@ -744,7 +746,7 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 22) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -769,7 +771,7 @@ let deserialize_then_decompress_11_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 11l + (mk_i32 11) coefficient <: v_Vector) @@ -797,8 +799,8 @@ let deserialize_then_decompress_ring_element_u in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> deserialize_then_decompress_10_ #v_Vector serialized - | 11ul -> deserialize_then_decompress_11_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 10 -> deserialize_then_decompress_10_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 11 -> deserialize_then_decompress_11_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
@@ -822,7 +824,7 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 8) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -847,7 +849,7 @@ let deserialize_then_decompress_4_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 4l + (mk_i32 4) coefficient <: v_Vector) @@ -875,7 +877,7 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (mk_usize 10) serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -912,7 +914,7 @@ let deserialize_then_decompress_5_ i (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector #FStar.Tactics.Typeclasses.solve - 5l + (mk_i32 5) (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -940,8 +942,8 @@ let deserialize_then_decompress_ring_element_v in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> deserialize_then_decompress_4_ #v_Vector serialized - | 5ul -> deserialize_then_decompress_5_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 4 -> deserialize_then_decompress_4_ #v_Vector serialized + | Rust_primitives.Integers.MkInt 5 -> deserialize_then_decompress_5_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index 9cdba581c..0afb38361 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -42,11 +42,11 @@ val compress_then_serialize_message (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 32)) + : Prims.Pure (t_Array u8 (mk_usize 32)) (requires coefficients_field_modulus_range re) (ensures fun result -> - let result:t_Array u8 (sz 32) = result in + let result:t_Array u8 (mk_usize 32) = result in result == Spec.MLKEM.compress_then_encode_message (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re)) @@ -54,7 +54,7 @@ val compress_then_serialize_message val deserialize_then_decompress_message (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - (serialized: t_Array u8 (sz 32)) + (serialized: t_Array u8 (mk_usize 32)) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (ensures @@ -67,11 +67,11 @@ val serialize_uncompressed_ring_element (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 384)) + : Prims.Pure (t_Array u8 (mk_usize 384)) (requires coefficients_field_modulus_range re) (ensures fun result -> - let result:t_Array u8 (sz 384) = result in + let result:t_Array u8 (mk_usize 384) = result in result == Spec.MLKEM.byte_encode 12 (Libcrux_ml_kem.Polynomial.to_spec_poly_t #v_Vector re)) 
@@ -190,7 +190,7 @@ val compress_then_serialize_5_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 160) (ensures fun serialized_future -> let serialized_future:t_Slice u8 = serialized_future in @@ -221,7 +221,7 @@ val deserialize_then_decompress_10_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 320) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 320) (fun _ -> Prims.l_True) val deserialize_then_decompress_11_ @@ -229,7 +229,7 @@ val deserialize_then_decompress_11_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 352) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 352) (fun _ -> Prims.l_True) val deserialize_then_decompress_ring_element_u @@ -239,8 +239,9 @@ val deserialize_then_decompress_ring_element_u (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires - (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && - (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize)) + (v_COMPRESSION_FACTOR =. mk_usize 10 || v_COMPRESSION_FACTOR =. mk_usize 11) && + (Core.Slice.impl__len #u8 serialized <: usize) =. + (mk_usize 32 *! v_COMPRESSION_FACTOR <: usize)) (ensures fun result -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in 
@@ -252,7 +253,7 @@ val deserialize_then_decompress_4_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 128) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 128) (fun _ -> Prims.l_True) val deserialize_then_decompress_5_ @@ -260,7 +261,7 @@ val deserialize_then_decompress_5_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. mk_usize 160) (fun _ -> Prims.l_True) val deserialize_then_decompress_ring_element_v diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index f47d6311e..ebaa64544 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -14,7 +14,7 @@ let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) = f_default = fun (_: Prims.unit) -> - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MlKemCiphertext v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -114,7 +114,7 @@ let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) = f_default = fun (_: Prims.unit) -> - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MlKemPrivateKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] 
@@ -214,7 +214,7 @@ let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) = f_default = fun (_: Prims.unit) -> - { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE + { f_value = Rust_primitives.Hax.repeat (mk_u8 0) v_SIZE } <: t_MlKemPublicKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst index 76538dbd7..84267e501 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -4,18 +4,18 @@ open Core open FStar.Mul let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = - let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat (mk_u8 0) v_LEN in let out:t_Array u8 v_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (out.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize } <: 
@@ -47,18 +47,24 @@ let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = #push-options "--z3rlimit 200" -let prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8) = +let prf_input_inc + (v_K: usize) + (prf_inputs: t_Array (t_Array u8 (mk_usize 33)) v_K) + (domain_separator: u8) + = let v__domain_separator_init:u8 = domain_separator in - let v__prf_inputs_init:t_Array (t_Array u8 (sz 33)) v_K = - Core.Clone.f_clone #(t_Array (t_Array u8 (sz 33)) v_K) + let v__prf_inputs_init:t_Array (t_Array u8 (mk_usize 33)) v_K = + Core.Clone.f_clone #(t_Array (t_Array u8 (mk_usize 33)) v_K) #FStar.Tactics.Typeclasses.solve prf_inputs in - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Rust_primitives.Hax.Folds.fold_range (sz 0) + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) = + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) v_K (fun temp_0_ i -> - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) = + temp_0_ + in let i:usize = i in v domain_separator == v v__domain_separator_init + v i /\ (v i < v v_K ==> 
@@ -69,25 +75,27 @@ let prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (d v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\ Seq.slice (Seq.index prf_inputs j) 0 32 == Seq.slice (Seq.index v__prf_inputs_init j) 0 32)) - (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (mk_usize 33)) v_K)) (fun temp_0_ i -> - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) = + temp_0_ + in let i:usize = i in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = + let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs i (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] <: - t_Array u8 (sz 33)) - (sz 32) + t_Array u8 (mk_usize 33)) + (mk_usize 32) domain_separator <: - t_Array u8 (sz 33)) + t_Array u8 (mk_usize 33)) in - let domain_separator:u8 = domain_separator +! 1uy in - domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + let domain_separator:u8 = domain_separator +! mk_u8 1 in + domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (mk_usize 33)) v_K)) in let hax_temp_output:u8 = domain_separator in - prf_inputs, hax_temp_output <: (t_Array (t_Array u8 (sz 33)) v_K & u8) + prf_inputs, hax_temp_output <: (t_Array (t_Array u8 (mk_usize 33)) v_K & u8) #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index 4acb09bf8..cbaa9b3fd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti 
@@ -13,12 +13,15 @@ val into_padded_array (v_LEN: usize) (slice: t_Slice u8) result == Seq.append slice (Seq.create (v v_LEN - v (Core.Slice.impl__len #u8 slice)) (mk_u8 0))) -val prf_input_inc (v_K: usize) (prf_inputs: t_Array (t_Array u8 (sz 33)) v_K) (domain_separator: u8) - : Prims.Pure (t_Array (t_Array u8 (sz 33)) v_K & u8) +val prf_input_inc + (v_K: usize) + (prf_inputs: t_Array (t_Array u8 (mk_usize 33)) v_K) + (domain_separator: u8) + : Prims.Pure (t_Array (t_Array u8 (mk_usize 33)) v_K & u8) (requires range (v domain_separator + v v_K) u8_inttype) (ensures fun temp_0_ -> - let prf_inputs_future, ds:(t_Array (t_Array u8 (sz 33)) v_K & u8) = temp_0_ in + let prf_inputs_future, ds:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = temp_0_ in v ds == v domain_separator + v v_K /\ (forall (i: nat). i < v v_K ==> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst index dcdeb0041..70a8e991a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fst @@ -24,7 +24,7 @@ let impl: t_Variant t_MlKem = (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) -> - (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32); + (Core.Slice.impl__len #u8 shared_secret <: usize) =. mk_usize 32); f_kdf_post = (fun @@ -36,7 +36,7 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - (res: t_Array u8 (sz 32)) + (res: t_Array u8 (mk_usize 32)) -> res == shared_secret); f_kdf 
@@ -51,8 +51,8 @@ let impl: t_Variant t_MlKem = (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let out:t_Array u8 (mk_usize 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in out); f_entropy_preprocess_pre = @@ -64,7 +64,7 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) -> - (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32); + (Core.Slice.impl__len #u8 randomness <: usize) =. mk_usize 32); f_entropy_preprocess_post = (fun @@ -74,7 +74,7 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) - (res: t_Array u8 (sz 32)) + (res: t_Array u8 (mk_usize 32)) -> res == randomness); f_entropy_preprocess @@ -87,8 +87,8 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in + let out:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in + let out:t_Array u8 (mk_usize 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in out); f_cpa_keygen_seed_pre = @@ -100,7 +100,7 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) -> - (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32); + (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. mk_usize 32); f_cpa_keygen_seed_post = (fun 
@@ -110,7 +110,7 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) - (res: t_Array u8 (sz 64)) + (res: t_Array u8 (mk_usize 64)) -> Seq.length key_generation_seed == 32 ==> res == Spec.Utils.v_G (Seq.append key_generation_seed (Seq.create 1 (cast v_K <: u8)))); @@ -124,18 +124,18 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) -> - let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in - let seed:t_Array u8 (sz 33) = + let seed:t_Array u8 (mk_usize 33) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 33) in + let seed:t_Array u8 (mk_usize 33) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed ({ - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 (seed.[ { - Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE @@ -148,7 +148,7 @@ let impl: t_Variant t_MlKem = <: t_Slice u8) in - let seed:t_Array u8 (sz 33) = + let seed:t_Array u8 (mk_usize 33) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE (cast (v_K <: usize) <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti index 9737e9b24..cd3d4d262 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti 
@@ -21,7 +21,7 @@ class t_Variant (v_Self: Type0) = { {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> shared_secret: t_Slice u8 -> ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. mk_usize 32 ==> pred}; f_kdf_post: v_K: usize -> v_CIPHERTEXT_SIZE: usize -> @@ -29,7 +29,7 @@ class t_Variant (v_Self: Type0) = { {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> shared_secret: t_Slice u8 -> ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> - res: t_Array u8 (sz 32) + res: t_Array u8 (mk_usize 32) -> pred: Type0{pred ==> res == shared_secret}; f_kdf: v_K: usize -> @@ -38,7 +38,7 @@ class t_Variant (v_Self: Type0) = { {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> x0: t_Slice u8 -> x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); f_entropy_preprocess_pre: 
@@ -46,20 +46,20 @@ class t_Variant (v_Self: Type0) = { #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> randomness: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. mk_usize 32 ==> pred}; f_entropy_preprocess_post: v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> randomness: t_Slice u8 -> - res: t_Array u8 (sz 32) + res: t_Array u8 (mk_usize 32) -> pred: Type0{pred ==> res == randomness}; f_entropy_preprocess: v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) + -> Prims.Pure (t_Array u8 (mk_usize 32)) (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result); f_cpa_keygen_seed_pre: @@ -67,13 +67,13 @@ class t_Variant (v_Self: Type0) = { #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> seed: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. sz 32 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. mk_usize 32 ==> pred}; f_cpa_keygen_seed_post: v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> seed: t_Slice u8 -> - res: t_Array u8 (sz 64) + res: t_Array u8 (mk_usize 64) -> pred: Type0 { pred ==> @@ -84,7 +84,7 @@ class t_Variant (v_Self: Type0) = { #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) + -> Prims.Pure (t_Array u8 (mk_usize 64)) (f_cpa_keygen_seed_pre v_K #v_Hasher #i3 x0) (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i3 x0 result) } 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 1a284a2e4..b9f57b7a3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -99,7 +99,7 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = assert (forall i. get_lane vv_minus_field_modulus i == get_lane vector i -. (mk_i16 3329)) in let sign_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 (mk_i32 15) vv_minus_field_modulus in let _:Prims.unit = assert (forall i. get_lane sign_mask i == (get_lane vv_minus_field_modulus i >>! (mk_i32 15))) @@ -148,7 +148,7 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = i16)) in let t512:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 (mk_i16 512) in let _:Prims.unit = assert (forall i. get_lane t512 i == (mk_i16 512)) in let t1:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -156,7 +156,7 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in let _:Prims.unit = assert (forall i. get_lane t1 i == get_lane t0 i +. (mk_i16 512)) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t1 + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 (mk_i32 10) t1 in let _:Prims.unit = assert (forall i. get_lane quotient i == (((get_lane t1 i) <: i16) >>! ((mk_i32 10) <: i32))) 
@@ -363,16 +363,16 @@ let montgomery_reduce_i32s (vec: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l vec + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 (mk_i32 16) vec in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l result + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 (mk_i32 16) result in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 16l result + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 (mk_i32 16) result in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 1b278c5fb..a147e72e1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -46,7 +46,7 @@ val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in 
@@ -70,7 +70,7 @@ val cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) then get_lane vector i -! (mk_i16 3329) else get_lane vector i)) -let v_BARRETT_MULTIPLIER: i16 = 20159s +let v_BARRETT_MULTIPLIER: i16 = mk_i16 20159 /// See Section 3.2 of the implementation notes document for an explanation /// of this code. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst index c84cf4a1c..f826941d2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst @@ -9,11 +9,11 @@ let mulhi_mm256_epi32 (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epu32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 - 245l + (mk_i32 245) lhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) - (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs + (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) rhs <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in @@ -29,19 +29,19 @@ let mulhi_mm256_epi32 (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let compress_message_coefficient (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let field_modulus_halved:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 ((Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS -! - 1s + mk_i16 1 <: i16) /! - 2s + mk_i16 2 <: i16) in let field_modulus_quartered:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 ((Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS -! - 1s + mk_i16 1 <: i16) /! - 4s + mk_i16 4 <: i16) in 
@@ -49,7 +49,7 @@ let compress_message_coefficient (vector: Libcrux_intrinsics.Avx2_extract.t_Vec2 Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 field_modulus_halved vector in let mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l shifted + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 (mk_i32 15) shifted in let shifted_to_positive:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_xor_si256 mask shifted @@ -57,7 +57,7 @@ let compress_message_coefficient (vector: Libcrux_intrinsics.Avx2_extract.t_Vec2 let shifted_to_positive_in_range:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 shifted_to_positive field_modulus_quartered in - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l shifted_to_positive_in_range + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 (mk_i32 15) shifted_to_positive_in_range let compress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) @@ -69,18 +69,19 @@ let compress_ciphertext_coefficient i16) <: i32) -! - 1l + mk_i32 1 <: i32) /! - 2l + mk_i32 2 <: i32) in let compression_factor:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 10321340l + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (mk_i32 10321340) in let coefficient_bits_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((1l < Prims.l_True) -let ntt_multiply__PERMUTE_WITH: i32 = 216l +let ntt_multiply__PERMUTE_WITH: i32 = mk_i32 216 val ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index b41e18824..ebc4d32d3 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -15,7 +15,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = let compare_with_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi16 field_modulus potential_coefficients in - let good:t_Array u8 (sz 2) = + let good:t_Array u8 (mk_usize 2) = Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ compare_with_field_modulus in let _:Prims.unit = @@ -31,8 +31,9 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) +! sz 8 })) in - let lower_shuffles:t_Array u8 (sz 16) = - Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] + let lower_shuffles:t_Array u8 (mk_usize 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ mk_usize + 0 ] <: u8) <: @@ -51,10 +52,11 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_si128 output lower_coefficients in let sampled_count:usize = - cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize + cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 0 ] <: u8) <: u32) <: usize in - let upper_shuffles:t_Array u8 (sz 16) = - Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] + let upper_shuffles:t_Array u8 (mk_usize 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ mk_usize + 1 ] <: u8) <: 
@@ -64,7 +66,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) potential_coefficients in let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles @@ -73,13 +75,13 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range output ({ Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Avx2_extract.mm_storeu_si128 (output.[ { Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + Core.Ops.Range.f_end = sampled_count +! mk_usize 8 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -90,7 +92,8 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = t_Slice i16) in let hax_temp_output:usize = - sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) + sampled_count +! + (cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 1 ] <: u8) <: u32) <: usize) in output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti index 767350ac5..6f9cc3437 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti 
@@ -6,8 +6,8 @@ open FStar.Mul val rejection_sample (input: t_Slice u8) (output: t_Slice i16) : Prims.Pure (t_Slice i16 & usize) (requires - (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 output <: usize) =. sz 16) + (Core.Slice.impl__len #u8 input <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 output <: usize) =. mk_usize 16) (ensures fun temp_0_ -> let output_future, res:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 280c254b4..245ce78ea 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -14,13 +14,13 @@ let _ = let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15l vector + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 (mk_i32 15) vector in let low_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 lsb_to_msb in let high_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l lsb_to_msb + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 (mk_i32 1) lsb_to_msb in let msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_packs_epi16 low_msbs high_msbs 
@@ -36,8 +36,8 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Tactics.smt_sync ()))) in let bits_packed:i32 = Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8 msbs in - let result:t_Array u8 (sz 2) = - let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in + let result:t_Array u8 (mk_usize 2) = + let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! mk_i32 8 <: i32) <: u8] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list 2 list in @@ -59,14 +59,18 @@ let deserialize_1___deserialize_1_i16s (a b: i16) = in let coefficients_in_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s <= 1 ==> vector i == 0) (ensures fun result -> - let result:t_Array u8 (sz 2) = result in + let result:t_Array u8 (mk_usize 2) = result in forall i. bit_vec_of_int_t_array result 8 i == vector (i * 16)) val deserialize_1___deserialize_1_i16s (a b: i16) @@ -48,7 +48,7 @@ val deserialize_1___deserialize_1_u8s (a b: u8) val deserialize_1_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 2) (ensures fun coefficients -> let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in 
@@ -63,11 +63,11 @@ val deserialize_1_ (bytes: t_Slice u8) include BitVec.Intrinsics {mm256_concat_pairs_n} val serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 8)) + : Prims.Pure (t_Array u8 (mk_usize 8)) (requires forall (i: nat{i < 256}). i % 16 < 4 || vector i = 0) (ensures fun r -> - let r:t_Array u8 (sz 8) = r in + let r:t_Array u8 (mk_usize 8) = r in forall (i: nat{i < 64}). bit_vec_of_int_t_array r 8 i == vector ((i / 4) * 16 + i % 4)) val deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) @@ -116,7 +116,7 @@ val deserialize_4___deserialize_4_u8s (b0 b1 b2 b3 b4 b5 b6 b7: u8) val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in @@ -129,7 +129,7 @@ val deserialize_4_ (bytes: t_Slice u8) bit_vec_of_int_t_array (bytes <: t_Array _ (sz 8)) 8 j)) val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) include BitVec.Intrinsics {mm256_si256_from_two_si128 as mm256_si256_from_two_si128} 
@@ -147,15 +147,15 @@ val serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_V vector ((i / 10) * 16 + i % 10) == (if i < 80 then lower_8_ i else upper_8_ (i - 80))) val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 20)) + : Prims.Pure (t_Array u8 (mk_usize 20)) (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) (ensures fun r -> - let r:t_Array u8 (sz 20) = r in + let r:t_Array u8 (mk_usize 20) = r in forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10)) val serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -174,11 +174,11 @@ val serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_V vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 24)) + : Prims.Pure (t_Array u8 (mk_usize 24)) (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) (ensures fun r -> - let r:t_Array u8 (sz 24) = r in + let r:t_Array u8 (mk_usize 24) = r in forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) val deserialize_5_ (bytes: t_Slice u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index 1583b01e7..a892086c8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst 
@@ -29,11 +29,11 @@ let vec_zero (_: Prims.unit) = result let vec_to_i16_array (v: t_SIMD256Vector) = - let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in - let output:t_Array i16 (sz 16) = + let output:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 16) in + let output:t_Array i16 (mk_usize 16) = Libcrux_intrinsics.Avx2_extract.mm256_storeu_si256_i16 output v.f_elements in - let result:t_Array i16 (sz 16) = output in + let result:t_Array i16 (mk_usize 16) = output in let _:Prims.unit = admit () (* Panic freedom *) in result @@ -220,7 +220,7 @@ let impl: Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector = _super_13011033735201511749 = FStar.Tactics.Typeclasses.solve; _super_9529721400157967266 = FStar.Tactics.Typeclasses.solve; f_repr_pre = (fun (x: t_SIMD256Vector) -> true); - f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); + f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (mk_usize 16)) -> true); f_repr = fun (x: t_SIMD256Vector) -> vec_to_i16_array x } @@ -237,7 +237,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ZERO = (fun (_: Prims.unit) -> vec_zero ()); f_from_i16_array_pre = - (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16); f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array); @@ -245,7 +245,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true); f_to_i16_array_post = - (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); + (fun (x: t_SIMD256Vector) (out: t_Array i16 (mk_usize 16)) -> out == impl.f_repr x); f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x); f_add_pre = 
@@ -321,7 +321,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_shift_right_pre = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> + v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16); f_shift_right_post = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> @@ -557,13 +558,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector)); f_serialize_1_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 2)) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out); f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> serialize_1_ vector); f_deserialize_1_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 2); f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> 
@@ -574,27 +575,27 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector)); f_serialize_4_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 8)) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out); f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> serialize_4_ vector); f_deserialize_4_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8); f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out)); f_deserialize_4_ = (fun (bytes: t_Slice u8) -> deserialize_4_ bytes); f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true); + f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 10)) -> true); f_serialize_5_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); f_deserialize_5_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10); f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_5_ = 
@@ -608,27 +609,27 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector)); f_serialize_10_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 20)) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out); f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> serialize_10_ vector); f_deserialize_10_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20); f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out)); f_deserialize_10_ = (fun (bytes: t_Slice u8) -> deserialize_10_ bytes); f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true); + f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 22)) -> true); f_serialize_11_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); f_deserialize_11_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 22); f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_11_ = 
@@ -641,13 +642,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector)); f_serialize_12_post = - (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 24)) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out); f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> serialize_12_ vector); f_deserialize_12_pre = - (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24); + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24); f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> @@ -656,8 +657,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> - (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 output <: usize) =. sz 16); + (Core.Slice.impl__len #u8 input <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 output <: usize) =. mk_usize 16); f_rej_sample_post = (fun (input: t_Slice u8) (output: t_Slice i16) (output_future, result: (t_Slice i16 & usize)) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 6f325581e..6c5e6c729 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti 
@@ -30,11 +30,11 @@ val vec_zero: Prims.unit repr result == Seq.create 16 (mk_i16 0)) val vec_to_i16_array (v: t_SIMD256Vector) - : Prims.Pure (t_Array i16 (sz 16)) + : Prims.Pure (t_Array i16 (mk_usize 16)) Prims.l_True (ensures fun result -> - let result:t_Array i16 (sz 16) = result in + let result:t_Array i16 (mk_usize 16) = result in result == repr v) val vec_from_i16_array (array: t_Slice i16) 
@@ -150,68 +150,68 @@ val ntt_multiply (lhs rhs: t_SIMD256Vector) (zeta0 zeta1 zeta2 zeta3: i16) Spec.Utils.is_i16b_array 3328 (repr out)) val serialize_1_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 2)) + : Prims.Pure (t_Array u8 (mk_usize 2)) (requires Spec.MLKEM.serialize_pre 1 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 2) = out in + let out:t_Array u8 (mk_usize 2) = out in Spec.MLKEM.serialize_pre 1 (repr vector) ==> Spec.MLKEM.serialize_post 1 (repr vector) out ) val deserialize_1_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 2) (ensures fun out -> let out:t_SIMD256Vector = out in sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (repr out)) val serialize_4_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 8)) + : Prims.Pure (t_Array u8 (mk_usize 8)) (requires Spec.MLKEM.serialize_pre 4 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 8) = out in + let out:t_Array u8 (mk_usize 8) = out in Spec.MLKEM.serialize_pre 4 (repr vector) ==> Spec.MLKEM.serialize_post 4 (repr vector) out ) val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) (ensures fun out -> let out:t_SIMD256Vector = out in sz (Seq.length bytes) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (repr out)) val serialize_10_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 20)) + : Prims.Pure (t_Array u8 (mk_usize 20)) (requires Spec.MLKEM.serialize_pre 10 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 20) = out in + let out:t_Array u8 (mk_usize 20) = out in Spec.MLKEM.serialize_pre 10 (repr vector) ==> Spec.MLKEM.serialize_post 10 (repr vector) out) val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20) (ensures fun out -> let out:t_SIMD256Vector = out in sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (repr out)) val serialize_12_ (vector: t_SIMD256Vector) - : Prims.Pure (t_Array u8 (sz 24)) + : Prims.Pure (t_Array u8 (mk_usize 24)) (requires Spec.MLKEM.serialize_pre 12 (repr vector)) (ensures fun out -> - let out:t_Array u8 (sz 24) = out in + let out:t_Array u8 (mk_usize 24) = out in Spec.MLKEM.serialize_pre 12 (repr vector) ==> Spec.MLKEM.serialize_post 12 (repr vector) out) val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure t_SIMD256Vector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24) (ensures fun out -> let out:t_SIMD256Vector = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst index 4709c35c0..b22cca873 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst 
@@ -132,7 +132,7 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_S v let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 3329s in + let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 3329) in let m0:u8 = Libcrux_intrinsics.Arm64_extract.v__vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c in @@ -172,10 +172,10 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vect v let barrett_reduce_int16x8_t (v: u8) = - let adder:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 1024s in + let adder:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 1024) in let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v v_BARRETT_MULTIPLIER in let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 vec adder in - let quotient:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 11l vec in + let quotient:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 11) vec in let sub:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 quotient Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS @@ -214,7 +214,7 @@ let montgomery_reduce_int16x8_t (low high: u8) = u8) in let c:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 1l + Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 k Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: @@ -225,7 +225,7 @@ let montgomery_reduce_int16x8_t (low high: u8) = let montgomery_multiply_by_constant_int16x8_t (v: u8) (c: i16) = let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 1l + Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v c <: u8) in montgomery_reduce_int16x8_t vv_low vv_high 
@@ -233,7 +233,7 @@ let montgomery_multiply_by_constant_int16x8_t (v: u8) (c: i16) = let montgomery_multiply_int16x8_t (v c: u8) = let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 1l + Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_s16 v c <: u8) in montgomery_reduce_int16x8_t vv_low vv_high diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti index 3ee9e6fb1..8dfe5c87e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti @@ -33,7 +33,7 @@ val cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vect Prims.l_True (fun _ -> Prims.l_True) -let v_BARRETT_MULTIPLIER: i16 = 20159s +let v_BARRETT_MULTIPLIER: i16 = mk_i16 20159 val barrett_reduce_int16x8_t (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst index b855cdcd5..d9d3c06c3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst 
@@ -4,13 +4,13 @@ open Core open FStar.Mul let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let half:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 1664s in - let quarter:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 832s in + let half:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 1664) in + let quarter:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 832) in let shifted:u8 = Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 half v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low in - let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 15l shifted in + let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 15) shifted in let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.v__veorq_s16 mask shifted in let shifted_positive_in_range:u8 = Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 shifted_to_positive quarter @@ -21,7 +21,7 @@ let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u16 - 15l + (mk_i32 15) (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 shifted_positive_in_range <: u8) @@ -35,7 +35,7 @@ let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 half v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high in - let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 15l shifted in + let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 15) shifted in let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.v__veorq_s16 mask shifted in let shifted_positive_in_range:u8 = Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 shifted_to_positive quarter 
@@ -46,7 +46,7 @@ let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u16 - 15l + (mk_i32 15) (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 shifted_positive_in_range <: u8) @@ -60,24 +60,24 @@ let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let mask_n_least_significant_bits (coefficient_bits: i16) = match coefficient_bits <: i16 with - | 4s -> 15s - | 5s -> 31s - | 10s -> 1023s - | 11s -> 2047s - | x -> (1s < mk_i16 15 + | Rust_primitives.Integers.MkInt 5 -> mk_i16 31 + | Rust_primitives.Integers.MkInt 10 -> mk_i16 1023 + | Rust_primitives.Integers.MkInt 11 -> mk_i16 2047 + | x -> (mk_i16 1 < Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_1_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -19,7 +19,7 @@ val deserialize_1_ (a: t_Slice u8) (fun _ -> Prims.l_True) val serialize_4_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_4_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -27,7 +27,7 @@ val deserialize_4_ (v: t_Slice u8) (fun _ -> Prims.l_True) val serialize_5_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_5_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector 
@@ -35,7 +35,7 @@ val deserialize_5_ (v: t_Slice u8) (fun _ -> Prims.l_True) val serialize_10_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_10_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -43,7 +43,7 @@ val deserialize_10_ (v: t_Slice u8) (fun _ -> Prims.l_True) val serialize_11_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_11_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -51,7 +51,7 @@ val deserialize_11_ (v: t_Slice u8) (fun _ -> Prims.l_True) val serialize_12_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 24)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_12_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst index 0905daec0..23c1ad334 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst 
@@ -18,15 +18,15 @@ val impl_1': Core.Marker.t_Copy t_SIMD128Vector let impl_1 = impl_1' let to_i16_array (v: t_SIMD128Vector) = - let out:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in - let out:t_Array i16 (sz 16) = + let out:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 16) in + let out:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + ({ Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Arm64_extract.v__vst1q_s16 (out.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] @@ -36,14 +36,14 @@ let to_i16_array (v: t_SIMD128Vector) = <: t_Slice i16) in - let out:t_Array i16 (sz 16) = + let out:t_Array i16 (mk_usize 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } + ({ Core.Ops.Range.f_start = mk_usize 8; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize) (Libcrux_intrinsics.Arm64_extract.v__vst1q_s16 (out.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -53,7 +53,7 @@ let to_i16_array (v: t_SIMD128Vector) = <: t_Slice i16) in - let result:t_Array i16 (sz 16) = out in + let result:t_Array i16 (mk_usize 16) = out in let _:Prims.unit = admit () (* Panic freedom *) in result @@ -63,8 +63,8 @@ let from_i16_array (array: t_Slice i16) = f_low = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] 
@@ -73,8 +73,8 @@ let from_i16_array (array: t_Slice i16) = f_high = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -90,8 +90,8 @@ let from_i16_array (array: t_Slice i16) = let v_ZERO (_: Prims.unit) = let result:t_SIMD128Vector = { - f_low = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s; - f_high = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s + f_low = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 0); + f_high = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 0) } <: t_SIMD128Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti index d8ba7f0f7..8873c5a91 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti @@ -17,11 +17,11 @@ val impl:Core.Clone.t_Clone t_SIMD128Vector val impl_1:Core.Marker.t_Copy t_SIMD128Vector val to_i16_array (v: t_SIMD128Vector) - : Prims.Pure (t_Array i16 (sz 16)) + : Prims.Pure (t_Array i16 (mk_usize 16)) Prims.l_True (ensures fun result -> - let result:t_Array i16 (sz 16) = result in + let result:t_Array i16 (mk_usize 16) = result in result == repr v) val from_i16_array (array: t_Slice i16) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst index 0a6a9161c..128f4da0b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst 
@@ -18,7 +18,10 @@ let impl: Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Neon.Vector_ f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_repr_post = - (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> + (fun + (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array i16 (mk_usize 16)) + -> true); f_repr = 
@@ -27,38 +30,38 @@ let impl: Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Neon.Vector_ } let rej_sample (a: t_Slice u8) (result: t_Slice i16) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let result, sampled:(t_Slice i16 & usize) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks u8) #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks #u8 a (sz 3) <: Core.Slice.Iter.t_Chunks u8) + (Core.Slice.impl__chunks #u8 a (mk_usize 3) <: Core.Slice.Iter.t_Chunks u8) <: Core.Slice.Iter.t_Chunks u8) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ bytes -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in let bytes:t_Slice u8 = bytes in - let b1:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in - let b2:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in - let b3:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in - let d1:i16 = ((b2 &. 15s <: i16) <>! 4l <: i16) in + let b1:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in + let b2:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in + let b3:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in + let d1:i16 = ((b2 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) in let result, sampled:(t_Slice i16 & usize) = - if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d1 in - result, sampled +! sz 1 <: (t_Slice i16 & usize) + result, sampled +! mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize) in - if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d2 in - result, sampled +! 
sz 1 <: (t_Slice i16 & usize) + result, sampled +! mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize)) in let hax_temp_output:usize = sampled in @@ -79,7 +82,7 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Neon.Vector_type.v_ZERO ()); f_from_i16_array_pre = - (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16); f_from_i16_array_post = (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> @@ -90,7 +93,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_to_i16_array_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_to_i16_array_post = - (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> + (fun + (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array i16 (mk_usize 16)) + -> out == impl.f_repr x); f_to_i16_array = @@ -433,7 +439,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_1_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 2)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 2)) + -> true); f_serialize_1_ = @@ -449,7 +458,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_4_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 8)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 8)) + -> true); f_serialize_4_ = 
@@ -465,7 +477,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_5_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 10)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 10)) + -> true); f_serialize_5_ = @@ -481,7 +496,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_10_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 20)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 20)) + -> true); f_serialize_10_ = @@ -497,7 +515,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_11_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 22)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 22)) + -> true); f_serialize_11_ = @@ -513,7 +534,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_serialize_12_post = - (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array u8 (sz 24)) -> + (fun + (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (out: t_Array u8 (mk_usize 24)) + -> true); f_serialize_12_ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index be03cab3d..6bd277379 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -6,7 +6,7 @@ open FStar.Mul #push-options "--z3rlimit 150 --split_queries always" let get_n_least_significant_bits (n: u8) (value: u32) = - let res:u32 = value &. ((1ul < let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -77,7 +77,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -119,7 +119,7 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in 
@@ -159,7 +159,7 @@ let bitwise_and_with_constant = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -196,7 +196,7 @@ let bitwise_and_with_constant let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -238,7 +238,7 @@ let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -254,7 +254,7 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in if - (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. mk_i16 3329 <: bool then 
@@ -265,11 +265,12 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! + mk_i16 3329 <: i16) <: - t_Array i16 (sz 16) + t_Array i16 (mk_usize 16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -292,7 +293,7 @@ let barrett_reduce_element (value: i16) = v_BARRETT_MULTIPLIER <: i32) +! - (Libcrux_ml_kem.Vector.Traits.v_BARRETT_R >>! 1l <: i32) + (Libcrux_ml_kem.Vector.Traits.v_BARRETT_R >>! mk_i32 1 <: i32) in let _:Prims.unit = assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2 * 3329)); @@ -326,7 +327,7 @@ let barrett_reduce_element (value: i16) = let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -488,7 +489,7 @@ let montgomery_multiply_by_constant = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in 
@@ -518,7 +519,7 @@ let montgomery_multiply_by_constant <: i16) <: - t_Array i16 (sz 16) + t_Array i16 (mk_usize 16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 13695a438..d9e926663 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -3,16 +3,16 @@ module Libcrux_ml_kem.Vector.Portable.Arithmetic open Core open FStar.Mul -let v_MONTGOMERY_SHIFT: u8 = 16uy +let v_MONTGOMERY_SHIFT: u8 = mk_u8 16 -let v_MONTGOMERY_R: i32 = 1l < let result:u32 = result in @@ -71,7 +71,7 @@ val bitwise_and_with_constant val shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (requires v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index f3fe97511..f8b147626 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst 
@@ -6,9 +6,9 @@ open FStar.Mul #push-options "--z3rlimit 200 --ext context_pruning" let compress_message_coefficient (fe: u16) = - let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in + let (shifted: i16):i16 = mk_i16 1664 -! (cast (fe <: u16) <: i16) in let _:Prims.unit = assert (v shifted == 1664 - v fe) in - let mask:i16 = shifted >>! 15l in + let mask:i16 = shifted >>! mk_i32 15 in let _:Prims.unit = assert (v mask = v shifted / pow2 15); assert (if v shifted < 0 then mask = ones else mask = zero) @@ -25,13 +25,13 @@ let compress_message_coefficient (fe: u16) = assert (v shifted >= 0 ==> v shifted_to_positive = v shifted); assert (shifted_to_positive >=. mk_i16 0) in - let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in + let shifted_positive_in_range:i16 = shifted_to_positive -! mk_i16 832 in let _:Prims.unit = assert (1664 - v fe >= 0 ==> v shifted_positive_in_range == 832 - v fe); assert (1664 - v fe < 0 ==> v shifted_positive_in_range == - 2497 + v fe) in - let r0:i16 = shifted_positive_in_range >>! 15l in - let (r1: i16):i16 = r0 &. 1s in + let r0:i16 = shifted_positive_in_range >>! mk_i32 15 in + let (r1: i16):i16 = r0 &. mk_i16 1 in let res:u8 = cast (r1 <: i16) <: u8 in let _:Prims.unit = assert (v r0 = v shifted_positive_in_range / pow2 15); @@ -51,9 +51,9 @@ let compress_message_coefficient (fe: u16) = let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) = let compressed:u64 = (cast (fe <: u16) <: u64) <>! 35l in + let compressed:u64 = compressed +! mk_u64 1664 in + let compressed:u64 = compressed *! mk_u64 10321340 in + let compressed:u64 = compressed >>! mk_i32 35 in cast (Libcrux_ml_kem.Vector.Portable.Arithmetic.get_n_least_significant_bits coefficient_bits (cast (compressed <: u64) <: u32) <: 
@@ -80,7 +80,7 @@ let compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) in let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun a i -> let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in @@ -153,7 +153,7 @@ let compress (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) in let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun a i -> let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in @@ -219,7 +219,7 @@ let decompress_ciphertext_coefficient assert_norm (pow2 11 == 2048) in let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 0) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun a i -> let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in @@ -257,14 +257,14 @@ let decompress_ciphertext_coefficient v (decompressed <>! (v_COEFFICIENT_BITS +! mk_i32 1 <: i32)) == v decompressed / pow2 (v v_COEFFICIENT_BITS + 1)) in - let decompressed:i32 = decompressed >>! (v_COEFFICIENT_BITS +! 1l <: i32) in + let decompressed:i32 = decompressed >>! (v_COEFFICIENT_BITS +! mk_i32 1 <: i32) in let _:Prims.unit = assert (v decompressed < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS); assert (v (cast decompressed <: i16) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index e25c235c8..fdd445812 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -24,26 +24,27 @@ val compress_message_coefficient (fe: u16) (ensures fun result -> let result:u8 = result in - Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2496us <: bool)) + Hax_lib.implies ((mk_u16 833 <=. fe <: bool) && (fe <=. mk_u16 2496 <: bool)) (fun temp_0_ -> let _:Prims.unit = temp_0_ in - result =. 1uy <: bool) && - Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2496us <: bool)) <: bool) + result =. mk_u8 1 <: bool) && + Hax_lib.implies (~.((mk_u16 833 <=. fe <: bool) && (fe <=. mk_u16 2496 <: bool)) <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in - result =. 0uy <: bool)) + result =. mk_u8 0 <: bool)) val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) : Prims.Pure i16 (requires - (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || - coefficient_bits =. 11uy) && + (coefficient_bits =. mk_u8 4 || coefficient_bits =. mk_u8 5 || coefficient_bits =. mk_u8 10 || + coefficient_bits =. mk_u8 11) && fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: u16)) (ensures fun result -> let result:i16 = result in - result >=. 0s && - result <. (Core.Num.impl__i16__pow 2s (cast (coefficient_bits <: u8) <: u32) <: i16)) + result >=. mk_i16 0 && + result <. + (Core.Num.impl__i16__pow (mk_i16 2) (cast (coefficient_bits <: u8) <: u32) <: i16)) val compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index a7830a398..9c235b4b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -99,28 +99,28 @@ let ntt_layer_1_step (zeta0 zeta1 zeta2 zeta3: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 0) (sz 2) + ntt_step vec zeta0 (mk_usize 0) (mk_usize 2) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 1) (sz 3) + ntt_step vec zeta0 (mk_usize 1) (mk_usize 3) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 4) (sz 6) + ntt_step vec zeta1 (mk_usize 4) (mk_usize 6) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 5) (sz 7) + ntt_step vec zeta1 (mk_usize 5) (mk_usize 7) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta2 (sz 8) (sz 10) + ntt_step vec zeta2 (mk_usize 8) (mk_usize 10) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta2 (sz 9) (sz 11) + ntt_step vec zeta2 (mk_usize 9) (mk_usize 11) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta3 (sz 12) (sz 14) + ntt_step vec zeta3 (mk_usize 12) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta3 (sz 13) (sz 15) + ntt_step vec zeta3 (mk_usize 13) (mk_usize 15) in vec 
@@ -133,28 +133,28 @@ let ntt_layer_2_step (zeta0 zeta1: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 0) (sz 4) + ntt_step vec zeta0 (mk_usize 0) (mk_usize 4) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 1) (sz 5) + ntt_step vec zeta0 (mk_usize 1) (mk_usize 5) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 2) (sz 6) + ntt_step vec zeta0 (mk_usize 2) (mk_usize 6) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta0 (sz 3) (sz 7) + ntt_step vec zeta0 (mk_usize 3) (mk_usize 7) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 8) (sz 12) + ntt_step vec zeta1 (mk_usize 8) (mk_usize 12) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 9) (sz 13) + ntt_step vec zeta1 (mk_usize 9) (mk_usize 13) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 10) (sz 14) + ntt_step vec zeta1 (mk_usize 10) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta1 (sz 11) (sz 15) + ntt_step vec zeta1 (mk_usize 11) (mk_usize 15) in vec 
@@ -164,28 +164,28 @@ let ntt_layer_2_step let ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 0) (sz 8) + ntt_step vec zeta (mk_usize 0) (mk_usize 8) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 1) (sz 9) + ntt_step vec zeta (mk_usize 1) (mk_usize 9) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 2) (sz 10) + ntt_step vec zeta (mk_usize 2) (mk_usize 10) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 3) (sz 11) + ntt_step vec zeta (mk_usize 3) (mk_usize 11) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 4) (sz 12) + ntt_step vec zeta (mk_usize 4) (mk_usize 12) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 5) (sz 13) + ntt_step vec zeta (mk_usize 5) (mk_usize 13) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 6) (sz 14) + ntt_step vec zeta (mk_usize 6) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step vec zeta (sz 7) (sz 15) + ntt_step vec zeta (mk_usize 7) (mk_usize 15) in vec 
@@ -268,28 +268,28 @@ let inv_ntt_layer_1_step (zeta0 zeta1 zeta2 zeta3: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 0) (sz 2) + inv_ntt_step vec zeta0 (mk_usize 0) (mk_usize 2) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 1) (sz 3) + inv_ntt_step vec zeta0 (mk_usize 1) (mk_usize 3) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 4) (sz 6) + inv_ntt_step vec zeta1 (mk_usize 4) (mk_usize 6) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 5) (sz 7) + inv_ntt_step vec zeta1 (mk_usize 5) (mk_usize 7) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta2 (sz 8) (sz 10) + inv_ntt_step vec zeta2 (mk_usize 8) (mk_usize 10) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta2 (sz 9) (sz 11) + inv_ntt_step vec zeta2 (mk_usize 9) (mk_usize 11) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta3 (sz 12) (sz 14) + inv_ntt_step vec zeta3 (mk_usize 12) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta3 (sz 13) (sz 15) + inv_ntt_step vec zeta3 (mk_usize 13) (mk_usize 15) in let _:Prims.unit = assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 13)); 
@@ -321,28 +321,28 @@ let inv_ntt_layer_2_step (zeta0 zeta1: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 0) (sz 4) + inv_ntt_step vec zeta0 (mk_usize 0) (mk_usize 4) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 1) (sz 5) + inv_ntt_step vec zeta0 (mk_usize 1) (mk_usize 5) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 2) (sz 6) + inv_ntt_step vec zeta0 (mk_usize 2) (mk_usize 6) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta0 (sz 3) (sz 7) + inv_ntt_step vec zeta0 (mk_usize 3) (mk_usize 7) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 8) (sz 12) + inv_ntt_step vec zeta1 (mk_usize 8) (mk_usize 12) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 9) (sz 13) + inv_ntt_step vec zeta1 (mk_usize 9) (mk_usize 13) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 10) (sz 14) + inv_ntt_step vec zeta1 (mk_usize 10) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta1 (sz 11) (sz 15) + inv_ntt_step vec zeta1 (mk_usize 11) (mk_usize 15) in vec 
@@ -355,28 +355,28 @@ let inv_ntt_layer_3_step (zeta: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 0) (sz 8) + inv_ntt_step vec zeta (mk_usize 0) (mk_usize 8) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 1) (sz 9) + inv_ntt_step vec zeta (mk_usize 1) (mk_usize 9) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 2) (sz 10) + inv_ntt_step vec zeta (mk_usize 2) (mk_usize 10) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 3) (sz 11) + inv_ntt_step vec zeta (mk_usize 3) (mk_usize 11) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 4) (sz 12) + inv_ntt_step vec zeta (mk_usize 4) (mk_usize 12) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 5) (sz 13) + inv_ntt_step vec zeta (mk_usize 5) (mk_usize 13) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 6) (sz 14) + inv_ntt_step vec zeta (mk_usize 6) (mk_usize 14) in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step vec zeta (sz 7) (sz 15) + inv_ntt_step vec zeta (mk_usize 7) (mk_usize 15) in vec 
@@ -390,15 +390,23 @@ let ntt_multiply_binomials (i: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in - let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in + let ai:i16 = + a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 2 *! i <: usize ] + in + let bi:i16 = + b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 2 *! i <: usize ] + in let aj:i16 = - a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize - ] + a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (mk_usize 2 *! i <: usize) +! + mk_usize 1 + <: + usize ] in let bj:i16 = - b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize - ] + b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (mk_usize 2 *! i <: usize) +! + mk_usize 1 + <: + usize ] in let _:Prims.unit = assert (Spec.Utils.is_i16b 3328 ai); @@ -471,7 +479,9 @@ let ntt_multiply_binomials ((v ai * v bj + v aj * v bi) * 169) % 3329; } in - let v__out0:t_Array i16 (sz 16) = out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements in + let v__out0:t_Array i16 (mk_usize 16) = + out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with @@ -479,7 +489,7 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2 *! i <: usize) + (mk_usize 2 *! i <: usize) o0 } <: @@ -492,7 +502,7 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - ((sz 2 *! i <: usize) +! sz 1 <: usize) + ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) o1 } <: 
@@ -529,35 +539,35 @@ let ntt_multiply in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta0 (sz 0) out + ntt_multiply_binomials lhs rhs zeta0 (mk_usize 0) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta0 (sz 1) out + ntt_multiply_binomials lhs rhs nzeta0 (mk_usize 1) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta1 (sz 2) out + ntt_multiply_binomials lhs rhs zeta1 (mk_usize 2) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta1 (sz 3) out + ntt_multiply_binomials lhs rhs nzeta1 (mk_usize 3) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta2 (sz 4) out + ntt_multiply_binomials lhs rhs zeta2 (mk_usize 4) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta2 (sz 5) out + ntt_multiply_binomials lhs rhs nzeta2 (mk_usize 5) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta3 (sz 6) out + ntt_multiply_binomials lhs rhs zeta3 (mk_usize 6) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - 
ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out + ntt_multiply_binomials lhs rhs nzeta3 (mk_usize 7) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index ef246cd1f..0d93f6625 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,10 +6,10 @@ open FStar.Mul #push-options "--admit_smt_queries true" let rej_sample (a: t_Slice u8) (result: t_Slice i16) = - let sampled:usize = sz 0 in + let sampled:usize = mk_usize 0 in let result, sampled:(t_Slice i16 & usize) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + Rust_primitives.Hax.Folds.fold_range (mk_usize 0) + ((Core.Slice.impl__len #u8 a <: usize) /! mk_usize 3 <: usize) (fun temp_0_ temp_1_ -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in let _:usize = temp_1_ in 
@@ -18,26 +18,32 @@ let rej_sample (a: t_Slice u8) (result: t_Slice i16) = (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in let i:usize = i in - let b1:i16 = cast (a.[ (i *! sz 3 <: usize) +! sz 0 <: usize ] <: u8) <: i16 in - let b2:i16 = cast (a.[ (i *! sz 3 <: usize) +! sz 1 <: usize ] <: u8) <: i16 in - let b3:i16 = cast (a.[ (i *! sz 3 <: usize) +! sz 2 <: usize ] <: u8) <: i16 in - let d1:i16 = ((b2 &. 15s <: i16) <>! 4l <: i16) in + let b1:i16 = + cast (a.[ (i *! mk_usize 3 <: usize) +! mk_usize 0 <: usize ] <: u8) <: i16 + in + let b2:i16 = + cast (a.[ (i *! mk_usize 3 <: usize) +! mk_usize 1 <: usize ] <: u8) <: i16 + in + let b3:i16 = + cast (a.[ (i *! mk_usize 3 <: usize) +! mk_usize 2 <: usize ] <: u8) <: i16 + in + let d1:i16 = ((b2 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) in let result, sampled:(t_Slice i16 & usize) = - if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d1 in - result, sampled +! sz 1 <: (t_Slice i16 & usize) + result, sampled +! mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize) in - if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. mk_usize 16 then let result:t_Slice i16 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d2 in - result, sampled +! sz 1 <: (t_Slice i16 & usize) + result, sampled +! mk_usize 1 <: (t_Slice i16 & usize) else result, sampled <: (t_Slice i16 & usize)) in let hax_temp_output:usize = sampled in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti index 57159cf4c..eaa6fc371 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti @@ -6,8 +6,8 @@ open FStar.Mul val rej_sample (a: t_Slice u8) (result: t_Slice i16) : Prims.Pure (t_Slice i16 & usize) (requires - (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 result <: usize) =. sz 16) + (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 result <: usize) =. mk_usize 16) (ensures fun temp_0_ -> let result_future, res:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 553759235..6f0be6123 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst 
@@ -5,61 +5,83 @@ open FStar.Mul let serialize_4_int (v: t_Slice i16) = let result0:u8 = - ((cast (v.[ sz 1 ] <: i16) <: u8) <>! 4l <: u8) &. 15uy <: u8) <: i16 in - let v2:i16 = cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16 in - let v3:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let v4:i16 = cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16 in - let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in - let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in + let v0:i16 = cast ((bytes.[ mk_usize 0 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v1:i16 = cast (((bytes.[ mk_usize 0 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v2:i16 = cast ((bytes.[ mk_usize 1 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v3:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v4:i16 = cast ((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v5:i16 = cast (((bytes.[ mk_usize 2 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v6:i16 = cast ((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v7:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let serialize_5_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ sz 0 ] <: i16) |. ((v.[ sz 1 ] <: i16) <>! 3l <: i16) |. ((v.[ sz 2 ] <: i16) <>! mk_i32 3 <: i16) |. + ((v.[ mk_usize 2 ] <: i16) <>! 1l <: i16) |. ((v.[ sz 4 ] <: i16) <>! mk_i32 1 <: i16) |. + ((v.[ mk_usize 4 ] <: i16) <>! 4l <: i16) |. ((v.[ sz 5 ] <: i16) <>! mk_i32 4 <: i16) |. + ((v.[ mk_usize 5 ] <: i16) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) <>! mk_i32 2 <: i16) |. + ((v.[ mk_usize 7 ] <: i16) <>! 5l <: u8) + cast ((((bytes.[ mk_usize 1 ] <: u8) &. mk_u8 3 <: u8) <>! 
mk_i32 5 <: u8) <: u8) <: i16 in - let v2:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16 in + let v2:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 31 <: u8) <: i16 in let v3:i16 = - cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) + cast ((((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <>! mk_i32 7 <: u8) <: u8) <: i16 in let v4:i16 = - cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) + cast ((((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 1 <: u8) <>! mk_i32 4 <: u8) <: u8) <: i16 in - let v5:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16 in + let v5:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 31 <: u8) <: i16 in let v6:i16 = - cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) + cast ((((bytes.[ mk_usize 4 ] <: u8) &. mk_u8 7 <: u8) <>! mk_i32 6 <: u8) <: u8) <: i16 in - let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in + let v7:i16 = cast ((bytes.[ mk_usize 4 ] <: u8) >>! mk_i32 3 <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_5_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } + deserialize_5_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 5 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } + deserialize_5_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 5; + Core.Ops.Range.f_end = mk_usize 10 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -155,90 +183,90 @@ let deserialize_5_ (bytes: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector let serialize_10_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 8 <: i16) &. mk_i16 3 <: i16) <: u8) in let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 6 <: i16) &. mk_i16 15 <: i16) <: u8) in let r3:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) + ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 4 <: i16) &. mk_i16 63 <: i16) <: u8) in - let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in + let r4:u8 = cast (((v.[ mk_usize 3 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + (((cast (bytes.[ mk_usize 2 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 2 <: i16) in let r2:i16 = - (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + (((cast (bytes.[ mk_usize 3 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) in let r3:i16 = - ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) + ((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) <>! mk_i32 6 <: i16) in let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + (((cast (bytes.[ mk_usize 7 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 2 <: i16) in let r6:i16 = - (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 
4l <: i16) + (((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) in let r7:i16 = - ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) + ((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) <>! mk_i32 6 <: i16) in r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in + let r0:u8 = cast (v.[ mk_usize 0 ] <: i16) <: u8 in let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 31 <: i16) <: u8) <>! mk_i32 8 <: i16) <: u8) in let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 5 <: i16) <: u8) in - let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in + let r3:u8 = cast (((v.[ mk_usize 2 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in let r4:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 127 <: i16) <: u8) <>! mk_i32 10 <: i16) <: u8) in let r5:u8 = - ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + ((cast ((v.[ mk_usize 4 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 7 <: i16) <: u8) in let r6:u8 = - ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + ((cast ((v.[ mk_usize 5 ] <: i16) &. mk_i16 1 <: i16) <: u8) <>! mk_i32 4 <: i16) <: u8) in - let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in + let r7:u8 = cast (((v.[ mk_usize 5 ] <: i16) >>! mk_i32 1 <: i16) &. mk_i16 255 <: i16) <: u8 in let r8:u8 = - ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + ((cast ((v.[ mk_usize 6 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 9 <: i16) <: u8) in let r9:u8 = - ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 
6l <: i16) <: u8) + ((cast ((v.[ mk_usize 7 ] <: i16) &. mk_i16 7 <: i16) <: u8) <>! mk_i32 6 <: i16) <: u8) in - let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in + let r10:u8 = cast ((v.[ mk_usize 7 ] <: i16) >>! mk_i32 3 <: i16) <: u8 in r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 <: (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) @@ -246,8 +274,8 @@ let serialize_11_int (v: t_Slice i16) = let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] @@ -256,8 +284,8 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto in let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -276,55 +304,61 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + (((cast (bytes.[ mk_usize 2 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 3 <: i16) in let r2:i16 = - ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + ((cast (bytes.[ mk_usize 2 ] <: u8) <: i16) >>! mk_i32 6 <: i16) in let r3:i16 = - (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + (((cast (bytes.[ mk_usize 5 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 1 <: i16) in let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 127 <: i16) <>! mk_i32 4 <: i16) in let r5:i16 = - ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + ((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) >>! mk_i32 7 <: i16) in let r6:i16 = - (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + (((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) &. mk_i16 31 <: i16) <>! mk_i32 2 <: i16) in let r7:i16 = - ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) + ((cast (bytes.[ mk_usize 10 ] <: u8) <: i16) <>! 
mk_i32 5 <: i16) in r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_11_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } + deserialize_11_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 11 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } + deserialize_11_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 11; + Core.Ops.Range.f_end = mk_usize 22 + } <: Core.Ops.Range.t_Range usize ] <: 
@@ -346,113 +380,138 @@ let deserialize_11_ (bytes: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector let serialize_12_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in let r1:u8 = - cast (((v.[ sz 0 ] <: i16) >>! 8l <: i16) |. (((v.[ sz 1 ] <: i16) &. 15s <: i16) <>! mk_i32 8 <: i16) |. + (((v.[ mk_usize 1 ] <: i16) &. mk_i16 15 <: i16) <>! 4l <: i16) &. 255s <: i16) <: u8 in + let r2:u8 = cast (((v.[ mk_usize 1 ] <: i16) >>! mk_i32 4 <: i16) &. mk_i16 255 <: i16) <: u8 in r0, r1, r2 <: (u8 & u8 & u8) let deserialize_12_int (bytes: t_Slice u8) = - let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in - let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in - let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in - let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in + let byte0:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in + let byte1:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in + let byte2:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in + let r0:i16 = ((byte1 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 15 <: i16) in r0, r1 <: (i16 & i16) let rec serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = - (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 0 ] <: i16) <: u8) |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 1 ] <: i16) + (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 0 ] <: i16) + <: + u8) |. + ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 1 ] + <: + i16) <: u8) <>! 1l <: u8) &. 1uy <: u8) <: i16 in - let result2:i16 = cast (((v.[ sz 0 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in - let result3:i16 = cast (((v.[ sz 0 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in - let result4:i16 = cast (((v.[ sz 0 ] <: u8) >>! 4l <: u8) &. 
1uy <: u8) <: i16 in - let result5:i16 = cast (((v.[ sz 0 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in - let result6:i16 = cast (((v.[ sz 0 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in - let result7:i16 = cast (((v.[ sz 0 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in - let result8:i16 = cast ((v.[ sz 1 ] <: u8) &. 1uy <: u8) <: i16 in - let result9:i16 = cast (((v.[ sz 1 ] <: u8) >>! 1l <: u8) &. 1uy <: u8) <: i16 in - let result10:i16 = cast (((v.[ sz 1 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in - let result11:i16 = cast (((v.[ sz 1 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in - let result12:i16 = cast (((v.[ sz 1 ] <: u8) >>! 4l <: u8) &. 1uy <: u8) <: i16 in - let result13:i16 = cast (((v.[ sz 1 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in - let result14:i16 = cast (((v.[ sz 1 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in - let result15:i16 = cast (((v.[ sz 1 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in + let result0:i16 = cast ((v.[ mk_usize 0 ] <: u8) &. mk_u8 1 <: u8) <: i16 in + let result1:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result2:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result3:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 3 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result4:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result5:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 5 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result6:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 6 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result7:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 7 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result8:i16 = cast ((v.[ mk_usize 1 ] <: u8) &. mk_u8 1 <: u8) <: i16 in + let result9:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result10:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. 
mk_u8 1 <: u8) <: i16 in + let result11:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 3 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result12:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result13:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 5 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result14:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 6 <: u8) &. mk_u8 1 <: u8) <: i16 in + let result15:i16 = cast (((v.[ mk_usize 1 ] <: u8) >>! mk_i32 7 <: u8) &. mk_u8 1 <: u8) <: i16 in { Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = @@ -541,8 +600,8 @@ let deserialize_1_bounded_lemma inputs = let rec serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0_3_:(u8 & u8 & u8 & u8) = serialize_4_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] @@ -551,8 +610,8 @@ let rec serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe in let result4_7_:(u8 & u8 & u8 & u8) = serialize_4_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -598,14 +657,20 @@ let serialize_4_lemma inputs = let rec deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 8 } + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 8 + } <: Core.Ops.Range.t_Range usize ] <: @@ -653,8 +718,8 @@ let deserialize_4_lemma inputs = let rec serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_4_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 4 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] @@ -663,8 +728,8 @@ let rec serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r5_9_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 4; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] @@ -673,8 +738,8 @@ let rec serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r10_14_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 12 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 12 } <: Core.Ops.Range.t_Range usize ] 
@@ -683,8 +748,8 @@ let rec serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r15_19_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 12; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 12; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] @@ -725,14 +790,20 @@ let serialize_10_lemma inputs = let rec deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + deserialize_10_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 10 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } + deserialize_10_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 10; + Core.Ops.Range.f_end = mk_usize 20 + } <: Core.Ops.Range.t_Range usize ] <: @@ -780,8 +851,8 @@ let deserialize_10_bounded_lemma inputs = let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 2 + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 2 } <: Core.Ops.Range.t_Range usize ] @@ -790,8 +861,8 @@ let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r3_5_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 2; - Core.Ops.Range.f_end = sz 4 + Core.Ops.Range.f_start = mk_usize 2; + Core.Ops.Range.f_end = mk_usize 4 } <: Core.Ops.Range.t_Range usize ] 
@@ -800,8 +871,8 @@ let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r6_8_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 4; - Core.Ops.Range.f_end = sz 6 + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 6 } <: Core.Ops.Range.t_Range usize ] @@ -810,8 +881,8 @@ let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r9_11_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 6; - Core.Ops.Range.f_end = sz 8 + Core.Ops.Range.f_start = mk_usize 6; + Core.Ops.Range.f_end = mk_usize 8 } <: Core.Ops.Range.t_Range usize ] @@ -820,8 +891,8 @@ let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r12_14_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 10 + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 10 } <: Core.Ops.Range.t_Range usize ] @@ -830,8 +901,8 @@ let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r15_17_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 10; - Core.Ops.Range.f_end = sz 12 + Core.Ops.Range.f_start = mk_usize 10; + Core.Ops.Range.f_end = mk_usize 12 } <: Core.Ops.Range.t_Range usize ] @@ -840,8 +911,8 @@ let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r18_20_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 12; - Core.Ops.Range.f_end = sz 14 + Core.Ops.Range.f_start = mk_usize 12; + Core.Ops.Range.f_end = mk_usize 14 } <: Core.Ops.Range.t_Range usize ] 
@@ -850,8 +921,8 @@ let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableV in let r21_23_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 14; - Core.Ops.Range.f_end = sz 16 + Core.Ops.Range.f_start = mk_usize 14; + Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] 
@@ -892,56 +963,80 @@ let serialize_12_lemma inputs = let rec deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 3 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v2_3_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 3; + Core.Ops.Range.f_end = mk_usize 6 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v4_5_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 6; + Core.Ops.Range.f_end = mk_usize 9 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v6_7_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 9; + Core.Ops.Range.f_end = mk_usize 12 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v8_9_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 12; + Core.Ops.Range.f_end = mk_usize 15 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v10_11_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 15; + Core.Ops.Range.f_end = mk_usize 18 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v12_13_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 18; + 
Core.Ops.Range.f_end = mk_usize 21 + } <: Core.Ops.Range.t_Range usize ] <: t_Slice u8) in let v14_15_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } + deserialize_12_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 21; + Core.Ops.Range.f_end = mk_usize 24 + } <: Core.Ops.Range.t_Range usize ] <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 869153bd0..059e4bb4e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti 
@@ -5,72 +5,72 @@ open FStar.Mul val serialize_4_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 4) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 4) (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 5) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 5) (fun _ -> Prims.l_True) val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10) (fun _ -> Prims.l_True) val serialize_10_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 4) (fun _ -> Prims.l_True) val deserialize_10_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. 
mk_usize 10) (fun _ -> Prims.l_True) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 11) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 11) (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 22) (fun _ -> Prims.l_True) val serialize_12_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 2) + (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 2) (fun _ -> Prims.l_True) val deserialize_12_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16) - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 3) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 3) (fun _ -> Prims.l_True) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True) val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) 
@@ -78,7 +78,7 @@ val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 v <: usize) =. sz 2) + (requires (Core.Slice.impl__len #u8 v <: usize) =. mk_usize 2) (fun _ -> Prims.l_True) val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma @@ -88,7 +88,7 @@ val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_1_ inputs).f_elements i) 1) val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) @@ -96,7 +96,7 @@ val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma 
@@ -106,7 +106,7 @@ val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True) val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) @@ -114,7 +114,7 @@ val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20) (fun _ -> Prims.l_True) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma @@ -124,7 +124,7 @@ val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10) val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 24)) Prims.l_True (fun _ -> Prims.l_True) val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) 
@@ -132,7 +132,7 @@ val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24) + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24) (fun _ -> Prims.l_True) val deserialize_12_bounded_lemma (inputs: t_Array u8 (sz 24)) : Lemma diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst index 61b05fdfd..50dbb98ec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst @@ -16,7 +16,7 @@ val impl_1': Core.Marker.t_Copy t_PortableVector let impl_1 = impl_1' let zero (_: Prims.unit) = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector + { f_elements = Rust_primitives.Hax.repeat (mk_i16 0) (mk_usize 16) } <: t_PortableVector let to_i16_array (x: t_PortableVector) = x.f_elements @@ -24,18 +24,18 @@ let from_i16_array (array: t_Slice i16) = { f_elements = - Core.Result.impl__unwrap #(t_Array i16 (sz 16)) + Core.Result.impl__unwrap #(t_Array i16 (mk_usize 16)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice i16) - #(t_Array i16 (sz 16)) + #(t_Array i16 (mk_usize 16)) #FStar.Tactics.Typeclasses.solve - (array.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + (array.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } <: Core.Ops.Range.t_Range usize ] <: t_Slice i16) <: - Core.Result.t_Result (t_Array i16 (sz 16)) Core.Array.t_TryFromSliceError) + Core.Result.t_Result (t_Array i16 (mk_usize 16)) Core.Array.t_TryFromSliceError) } <: t_PortableVector 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti index 597bd9722..ebf44b6b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Portable.Vector_type open Core open FStar.Mul -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } +type t_PortableVector = { f_elements:t_Array i16 (mk_usize 16) } [@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Core.Clone.t_Clone t_PortableVector @@ -20,16 +20,16 @@ val zero: Prims.unit result.f_elements == Seq.create 16 (mk_i16 0)) val to_i16_array (x: t_PortableVector) - : Prims.Pure (t_Array i16 (sz 16)) + : Prims.Pure (t_Array i16 (mk_usize 16)) Prims.l_True (ensures fun result -> - let result:t_Array i16 (sz 16) = result in + let result:t_Array i16 (mk_usize 16) = result in result == x.f_elements) val from_i16_array (array: t_Slice i16) : Prims.Pure t_PortableVector - (requires (Core.Slice.impl__len #i16 array <: usize) =. sz 16) + (requires (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16) (ensures fun result -> let result:t_PortableVector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst index c6ad12c18..f23a5327e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -21,7 +21,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array i16 (sz 16)) + (out: t_Array i16 (mk_usize 16)) -> true); f_repr 
@@ -95,7 +95,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ()); f_from_i16_array_pre = - (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16); f_from_i16_array_post = (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -110,7 +110,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array i16 (sz 16)) + (out: t_Array i16 (mk_usize 16)) -> out == impl.f_repr x); f_to_i16_array @@ -209,7 +209,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_shift_right_pre = (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); + v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16); f_shift_right_post = (fun @@ -539,14 +539,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 2)) + (out: t_Array u8 (mk_usize 2)) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr a) out); f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a); - f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); + f_deserialize_1_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2); f_deserialize_1_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> 
@@ -560,14 +562,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 8)) + (out: t_Array u8 (mk_usize 8)) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr a) out); f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a); - f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); + f_deserialize_4_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8); f_deserialize_4_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -580,13 +584,15 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 10)) + (out: t_Array u8 (mk_usize 10)) -> true); f_serialize_5_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a); - f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10); + f_deserialize_5_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10); f_deserialize_5_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); 
@@ -599,14 +605,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 20)) + (out: t_Array u8 (mk_usize 20)) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr a) out); f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a); - f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20); + f_deserialize_10_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20); f_deserialize_10_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -619,13 +627,15 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 22)) + (out: t_Array u8 (mk_usize 22)) -> true); f_serialize_11_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a); - f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22); + f_deserialize_11_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 22); f_deserialize_11_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); 
@@ -638,14 +648,16 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array u8 (sz 24)) + (out: t_Array u8 (mk_usize 24)) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr a) out); f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a); - f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24); + f_deserialize_12_pre + = + (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24); f_deserialize_12_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -654,8 +666,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> - (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 out <: usize) =. sz 16); + (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 out <: usize) =. mk_usize 16); f_rej_sample_post = (fun (a: t_Slice u8) (out: t_Slice i16) (out_future, result: (t_Slice i16 & usize)) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 709ead4ba..f5b96577e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti 
@@ -15,84 +15,84 @@ val impl:Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector val serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 2)) + : Prims.Pure (t_Array u8 (mk_usize 2)) (requires Spec.MLKEM.serialize_pre 1 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 2) = out in + let out:t_Array u8 (mk_usize 2) = out in Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr a) out) val deserialize_1_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 2) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)) val serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 8)) + : Prims.Pure (t_Array u8 (mk_usize 8)) (requires Spec.MLKEM.serialize_pre 4 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 8) = out in + let out:t_Array u8 (mk_usize 8) = out in Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr a) out) val deserialize_4_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 8) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in sz (Seq.length a) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)) val serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 10)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_5_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 10) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10) (fun _ -> Prims.l_True) val serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 20)) + : Prims.Pure (t_Array u8 (mk_usize 20)) (requires Spec.MLKEM.serialize_pre 10 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 20) = out in + let out:t_Array u8 (mk_usize 20) = out in Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr a) out) val deserialize_10_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 20) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)) val serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) val deserialize_11_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 22) + (requires (Core.Slice.impl__len #u8 a <: usize) =. 
mk_usize 22) (fun _ -> Prims.l_True) val serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 24)) + : Prims.Pure (t_Array u8 (mk_usize 24)) (requires Spec.MLKEM.serialize_pre 12 (impl.f_repr a)) (ensures fun out -> - let out:t_Array u8 (sz 24) = out in + let out:t_Array u8 (mk_usize 24) = out in Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr a) out) val deserialize_12_ (a: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 24) + (requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24) (ensures fun out -> let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti index 3d4f6be0a..266647e09 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti 
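Review bot: The literal migration is incomplete within single declarations in this hunk: `deserialize_1_`, `deserialize_4_` and `deserialize_10_` now carry `requires (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2` (resp. 8, 20) while their `ensures` clauses still read `sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)`, so `sz` and `mk_usize` coexist in one signature. This presumably happens because the `ensures` text is hand-written F* carried over verbatim from the Rust-side annotations rather than generated by the extraction, so the rename did not reach it. It is harmless as long as `sz` stays defined next to `mk_usize` in the prelude, but if the intent is to retire `sz`, those spec strings should move in the same change, e.g. `mk_usize (Seq.length a) =. mk_usize 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)` (or whatever the prelude's int-to-usize constructor is), otherwise a later prelude cleanup breaks these interfaces silently.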
@@ -3,2018 +3,2054 @@ module Libcrux_ml_kem.Vector.Rej_sample_table open Core open FStar.Mul -let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = +let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (mk_usize 16)) (mk_usize 256) = let list = [ (let list = [ - 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy; 255uy + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 
255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); 
(let list = [ - 0uy; 1uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm 
(Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in 
FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 
] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; 
mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; + 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 
255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 
11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; 
+ mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 12; 
mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; 
mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; 
mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; 
mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; 
mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 
13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; 
mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 
7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 
11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; 
mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 
12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 
255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 
7; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 
15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 
14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 14; + mk_u8 15; 
mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; 
mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 
255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; 
mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; 
mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 
14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 
255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; 
mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 
] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm 
(Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 
(List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 
(List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; + mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 0; mk_u8 1; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); 
Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy + mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; + mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 
list); (let list = [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 0; mk_u8 1; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy + mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; mk_u8 11; mk_u8 12; + mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255; mk_u8 255; mk_u8 255 ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 0; mk_u8 1; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); (let list = - [2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 
10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] + [ + mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; mk_u8 10; + mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15; mk_u8 255; mk_u8 255 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list); let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] + [ + mk_u8 0; mk_u8 1; mk_u8 2; mk_u8 3; mk_u8 4; mk_u8 5; mk_u8 6; mk_u8 7; mk_u8 8; mk_u8 9; + mk_u8 10; mk_u8 11; mk_u8 12; mk_u8 13; mk_u8 14; mk_u8 15 + ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst
index fcff2544c..27d957474 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst
@@ -27,7 +27,7 @@ let to_unsigned_representative
(#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T)
(a: v_T)
=
- let t:v_T = f_shift_right #v_T #FStar.Tactics.Typeclasses.solve 15l a in
+ let t:v_T = f_shift_right #v_T #FStar.Tactics.Typeclasses.solve (mk_i32 15) a in
let fm:v_T =
f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve t v_FIELD_MODULUS
in
@@ -64,6 +64,6 @@ let decompress_1_
Seq.index (i1._super_12682756204189288427.f_repr s) i == mk_i16 (- 1))
in
let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s (mk_i16 1665)) in
- f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s
+ f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s (mk_i16 1665)

#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
index 2223ba188..ed03c1db0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -3,25 +3,25 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul -let v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i16 = 1353s +let v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i16 = mk_i16 1353 -let v_FIELD_MODULUS: i16 = 3329s +let v_FIELD_MODULUS: i16 = mk_i16 3329 -let v_FIELD_ELEMENTS_IN_VECTOR: usize = sz 16 +let v_FIELD_ELEMENTS_IN_VECTOR: usize = mk_usize 16 -let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209ul +let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = mk_u32 62209 -let v_BARRETT_SHIFT: i32 = 26l +let v_BARRETT_SHIFT: i32 = mk_i32 26 -let v_BARRETT_R: i32 = 1l < pred: Type0{true ==> pred}; - f_repr_post:v_Self -> t_Array i16 (sz 16) -> Type0; + f_repr_post:v_Self -> t_Array i16 (mk_usize 16) -> Type0; f_repr:x0: v_Self - -> Prims.Pure (t_Array i16 (sz 16)) (f_repr_pre x0) (fun result -> f_repr_post x0 result) + -> Prims.Pure (t_Array i16 (mk_usize 16)) (f_repr_pre x0) (fun result -> f_repr_post x0 result) } class t_Operations (v_Self: Type0) = { 
@@ -42,16 +42,16 @@ class t_Operations (v_Self: Type0) = {
f_repr result == Seq.create 16 (mk_i16 0)) }; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); f_from_i16_array_pre:array: t_Slice i16
- -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. sz 16 ==> pred};
+ -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. mk_usize 16 ==> pred};
f_from_i16_array_post:array: t_Slice i16 -> result: v_Self -> pred: Type0{pred ==> f_repr result == array}; f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred};
- f_to_i16_array_post:x: v_Self -> result: t_Array i16 (sz 16)
+ f_to_i16_array_post:x: v_Self -> result: t_Array i16 (mk_usize 16)
-> pred: Type0{pred ==> f_repr x == result}; f_to_i16_array:x0: v_Self
- -> Prims.Pure (t_Array i16 (sz 16))
+ -> Prims.Pure (t_Array i16 (mk_usize 16))
(f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); f_add_pre:lhs: v_Self -> rhs: v_Self
@@ -114,7 +114,7 @@ class t_Operations (v_Self: Type0) = {
(f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self
- -> pred: Type0{v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l ==> pred};
+ -> pred: Type0{v_SHIFT_BY >=. mk_i32 0 && v_SHIFT_BY <. mk_i32 16 ==> pred};
f_shift_right_post:v_SHIFT_BY: i32 -> v: v_Self -> result: v_Self -> pred: Type0 
@@ -304,63 +304,63 @@ class t_Operations (v_Self: Type0) = { (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); f_serialize_1_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; - f_serialize_1_post:a: v_Self -> result: t_Array u8 (sz 2) + f_serialize_1_post:a: v_Self -> result: t_Array u8 (mk_usize 2) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 1 (f_repr a) ==> Spec.MLKEM.serialize_post 1 (f_repr a) result }; f_serialize_1_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 2)) + -> Prims.Pure (t_Array u8 (mk_usize 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); f_deserialize_1_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 2 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2 ==> pred}; f_deserialize_1_post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (f_repr result)}; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); f_serialize_4_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; - f_serialize_4_post:a: v_Self -> result: t_Array u8 (sz 8) + f_serialize_4_post:a: v_Self -> result: t_Array u8 (mk_usize 8) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 4 (f_repr a) ==> Spec.MLKEM.serialize_post 4 (f_repr a) result }; f_serialize_4_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 8)) + -> Prims.Pure (t_Array u8 (mk_usize 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); f_deserialize_4_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 8 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8 ==> pred}; f_deserialize_4_post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 a (f_repr result)}; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); f_serialize_5_pre:v_Self -> Type0; - f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; + f_serialize_5_post:v_Self -> t_Array u8 (mk_usize 10) -> Type0; f_serialize_5_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 10)) + -> Prims.Pure (t_Array u8 (mk_usize 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); f_deserialize_5_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 10 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10 ==> pred}; f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); f_serialize_10_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; - f_serialize_10_post:a: v_Self -> result: t_Array u8 (sz 20) + f_serialize_10_post:a: v_Self -> result: t_Array u8 (mk_usize 20) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 10 (f_repr a) ==> Spec.MLKEM.serialize_post 10 (f_repr a) result }; f_serialize_10_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 20)) + -> Prims.Pure (t_Array u8 (mk_usize 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); f_deserialize_10_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 20 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20 ==> pred}; f_deserialize_10_post:a: t_Slice u8 -> result: v_Self -> pred: Type0 
@@ -368,29 +368,29 @@ class t_Operations (v_Self: Type0) = { f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); f_serialize_11_pre:v_Self -> Type0; - f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; + f_serialize_11_post:v_Self -> t_Array u8 (mk_usize 22) -> Type0; f_serialize_11_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 22)) + -> Prims.Pure (t_Array u8 (mk_usize 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); f_deserialize_11_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 22 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 22 ==> pred}; f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); f_serialize_12_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; - f_serialize_12_post:a: v_Self -> result: t_Array u8 (sz 24) + f_serialize_12_post:a: v_Self -> result: t_Array u8 (mk_usize 24) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 12 (f_repr a) ==> Spec.MLKEM.serialize_post 12 (f_repr a) result }; f_serialize_12_:x0: v_Self - -> Prims.Pure (t_Array u8 (sz 24)) + -> Prims.Pure (t_Array u8 (mk_usize 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); f_deserialize_12_pre:a: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 24 ==> pred}; + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 ==> pred}; f_deserialize_12_post:a: t_Slice u8 -> result: v_Self -> pred: Type0 
@@ -400,8 +400,8 @@ class t_Operations (v_Self: Type0) = { f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0 - { (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && - (Core.Slice.impl__len #i16 out <: usize) =. sz 16 ==> + { (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 && + (Core.Slice.impl__len #i16 out <: usize) =. mk_usize 16 ==> pred }; f_rej_sample_post:a: t_Slice u8 -> out: t_Slice i16 -> x: (t_Slice i16 & usize) -> pred:
From 985ac38658180e431597e9b8c572da40870ab394 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan
Date: Fri, 24 Jan 2025 16:52:22 +0100
Subject: [PATCH 11/15] switch to main
---
 Cargo.toml | 2 +-
 libcrux-ml-dsa/Cargo.toml | 2 +-
 libcrux-ml-kem/Cargo.toml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index f8303e778..36b0ccb0a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -88,7 +88,7 @@ log = { version = "0.4", optional = true }
 # WASM API
 wasm-bindgen = { version = "0.2.87", optional = true }
 getrandom = { version = "0.2", features = ["js"], optional = true }
-hax-lib = { git = "https://github.com/hacspec/hax/", branch = "transparent-integers" }
+hax-lib = { version = "0.1.0", git = "https://github.com/hacspec/hax/" }
 [dev-dependencies]
 libcrux = { path = ".", features = ["rand", "tests"] }
diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml
index caf9027c2..507ffe707 100644
--- a/libcrux-ml-dsa/Cargo.toml
+++ b/libcrux-ml-dsa/Cargo.toml
@@ -20,7 +20,7 @@ libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" }
 libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" }
 libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" }
 libcrux-macros = { version = "0.0.2-beta.2", path = "../macros" }
-hax-lib = { git = "https://github.com/hacspec/hax/", branch = "transparent-integers" }
+hax-lib = { version = "0.1.0", git = "https://github.com/hacspec/hax/" }
 [dev-dependencies]
 rand = { version = "0.8" }
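Review bot: The replacement `hax-lib` line in the root Cargo.toml drops the `branch` pin without adding a `rev` or `tag`, so cargo now resolves the dependency to the tip of the repository's default branch, and `version = "0.1.0"` only checks the version declared in whatever checkout it lands on rather than pinning it. For a crate that shapes the proof extraction this is a supply-chain exposure: a push to that branch silently changes the build input, and reproducibility then rests entirely on a committed Cargo.lock being honoured by every consumer. Pinning to a commit, `hax-lib = { version = "0.1.0", git = "https://github.com/hacspec/hax/", rev = "<hax-commit-sha>" }`, keeps the intent of the commit while making the source explicit and auditable. The same line appears in the libcrux-ml-dsa/Cargo.toml hunk below and in the libcrux-ml-kem/Cargo.toml hunk that follows it.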
diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml
index fffebd142..f928c0626 100644
--- a/libcrux-ml-kem/Cargo.toml
+++ b/libcrux-ml-kem/Cargo.toml
@@ -26,7 +26,7 @@ rand = { version = "0.8", optional = true }
 libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" }
 libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" }
 libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" }
-hax-lib = { git = "https://github.com/hacspec/hax/", branch = "transparent-integers" }
+hax-lib = { version = "0.1.0", git = "https://github.com/hacspec/hax/" }
 [features]
 # By default all variants and std are enabled.
From bed8f5a427baf2b7e29a8837aee13a1b6646cac6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Jan 2025 02:47:15 +0000
Subject: [PATCH 12/15] Bump DeterminateSystems/magic-nix-cache-action from 7 to 9
Bumps [DeterminateSystems/magic-nix-cache-action](https://github.com/determinatesystems/magic-nix-cache-action) from 7 to 9.
- [Release notes](https://github.com/determinatesystems/magic-nix-cache-action/releases)
- [Commits](https://github.com/determinatesystems/magic-nix-cache-action/compare/v7...v9)
---
updated-dependencies:
- dependency-name: DeterminateSystems/magic-nix-cache-action
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/nix.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 4f3bbd9d3..33b084234 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: DeterminateSystems/nix-installer-action@v16
- - uses: DeterminateSystems/magic-nix-cache-action@v7
+ - uses: DeterminateSystems/magic-nix-cache-action@v9
 - name: Install & configure Cachix
 shell: bash
 run: |
From 158c7c43dfd942e7b5b53d9eb60c21fa203ab30a Mon Sep 17 00:00:00 2001
From: Maxime Buyse
Date: Wed, 29 Jan 2025 17:23:39 +0100
Subject: [PATCH 13/15] Add option to skip hax diffs.
---
 .github/workflows/hax.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml
index ab2416c83..868f9e254 100644
--- a/.github/workflows/hax.yml
+++ b/.github/workflows/hax.yml
@@ -15,6 +15,10 @@ on:
 hax_rev:
 description: "The hax revision you want this job to use"
 default: "main"
+ skip_diff:
+ description: "Skip diff jobs"
+ default: false
+ type: boolean
 merge_group:
 env:
@@ -59,6 +63,7 @@ jobs:
 path: ~/fstar-extraction-mlkem
 - name: = Diff Extraction
+ if: ${{ github.event.inputs.skip_diff != 'false' }}
 run: |
 diff -r libcrux-ml-kem/proofs/fstar/extraction/ \
 ~/fstar-extraction-mlkem/fstar/extraction/
@@ -114,6 +119,7 @@ jobs:
 path: ~/fstar-extraction-mldsa
 - name: = Diff Extraction
+ if: ${{ github.event.inputs.skip_diff != 'false' }}
 run: |
 diff -r libcrux-ml-dsa/proofs/fstar/extraction/ \
 ~/fstar-extraction-mldsa/fstar/extraction/
From 4602719976b011e78f8d5671382f24d8d396ad81 Mon Sep 17 00:00:00 2001
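Review bot: The `if` guard added to the first `Diff Extraction` step looks inverted: `github.event.inputs.skip_diff != 'false'` is true when the input is `true`, so the diff runs exactly when the caller asked to skip it and is skipped on a manual run that submits the `false` default. Because this step is the check that the committed F* extraction still matches what hax produces, a silently skipped run lets extraction drift through unreviewed. Inputs declared `type: boolean` still arrive as strings in `github.event.inputs`, so the quoted comparison itself is fine; `if: ${{ github.event.inputs.skip_diff != 'true' }}` gives the intended behaviour and, as far as I can tell, still runs the step on `merge_group` triggers where the input is unset. The guard on the second `Diff Extraction` step in the `@@ -114,6 +119,7 @@` hunk has the same issue.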
From: Maxime Buyse Date: Wed, 29 Jan 2025 16:28:02 +0100 Subject: [PATCH 14/15] Use $ in more fstar macros to remove hardcoded names that are not compatible with new hax naming. --- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 130 ++++++++++-------- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 20 ++- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 38 +++-- ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 18 +-- ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 18 +-- ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 18 +-- ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 18 +-- ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 18 +-- ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 18 +-- ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 17 +-- ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 17 +-- ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 17 +-- .../Libcrux_ml_kem.Types.Unpacked.fsti | 48 ------- .../Libcrux_ml_kem.Vector.Avx2.Portable.fsti | 30 ---- ..._kem.Vector.Portable.Serialize.Edited.fsti | 100 -------------- libcrux-ml-kem/src/constant_time_ops.rs | 6 +- libcrux-ml-kem/src/ind_cca.rs | 77 ++++++----- libcrux-ml-kem/src/ind_cpa.rs | 39 +++--- libcrux-ml-kem/src/mlkem1024.rs | 6 +- libcrux-ml-kem/src/mlkem512.rs | 6 +- libcrux-ml-kem/src/mlkem768.rs | 6 +- libcrux-ml-kem/src/types.rs | 2 +- libcrux-ml-kem/src/vector/avx2/sampling.rs | 10 +- 23 files changed, 287 insertions(+), 390 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 6ea0e7eda..97f19a565 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -61,6 +61,9 @@ val unpack_public_key v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K) (ensures fun unpacked_public_key_future -> + let unpacked_public_key_future:t_MlKemPublicKeyUnpacked v_K v_Vector = + unpacked_public_key_future + in let unpacked_public_key_future:t_MlKemPublicKeyUnpacked v_K v_Vector = unpacked_public_key_future in @@ -70,13 +73,16 @@ val unpack_public_key (valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector - unpacked_public_key_future.f_ind_cpa_public_key.f_A == + unpacked_public_key_future.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A == matrix_A) /\ Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - unpacked_public_key_future.f_ind_cpa_public_key.f_t_as_ntt == - deserialized_pk /\ unpacked_public_key_future.f_ind_cpa_public_key.f_seed_for_A == seed /\ - unpacked_public_key_future.f_public_key_hash == public_key_hash) + unpacked_public_key_future.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + deserialized_pk /\ + unpacked_public_key_future.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A == + seed /\ unpacked_public_key_future.f_public_key_hash == public_key_hash) /// Get the serialized public key. val impl_3__serialized_mut 
@@ -88,26 +94,28 @@ val impl_3__serialized_mut (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ - (forall (i: nat). - i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self - .f_ind_cpa_public_key - .f_t_as_ntt - i))) + (let self___ = self in + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + .f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + i)))) (ensures fun serialized_future -> let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = serialized_future in + let self___ = self in serialized_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_ind_cpa_public_key.f_seed_for_A) + self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) + self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized public key. val impl_3__serialized 
@@ -118,24 +126,26 @@ val impl_3__serialized (self: t_MlKemPublicKeyUnpacked v_K v_Vector) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ - (forall (i: nat). - i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self - .f_ind_cpa_public_key - .f_t_as_ntt - i))) + (let self___ = self in + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + .f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + i)))) (ensures fun res -> let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in - res.f_value == + let self___ = self in + res.Libcrux_ml_kem.Types.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_ind_cpa_public_key.f_seed_for_A) + self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) + self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl 
@@ -187,26 +197,30 @@ val impl_4__serialized_public_key_mut (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ - (forall (i: nat). - i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt - i))) + (let self___ = self in + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + .f_public_key + .f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + i)))) (ensures fun serialized_future -> let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = serialized_future in + let self___ = self in serialized_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_public_key.f_ind_cpa_public_key.f_seed_for_A) + self___.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) + self___.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized public key. val impl_4__serialized_public_key 
@@ -217,24 +231,28 @@ val impl_4__serialized_public_key (self: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ - (forall (i: nat). - i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt - i))) + (let self___ = self in + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + .f_public_key + .f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + i)))) (ensures fun res -> let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in + let self___ = self in res.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_public_key.f_ind_cpa_public_key.f_seed_for_A) + self___.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) + self___.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized private key. val impl_4__serialized_private_key_mut 
@@ -383,10 +401,10 @@ val encapsulate public_key.f_public_key_hash (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key.f_ind_cpa_public_key.f_t_as_ntt) + public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector - public_key.f_ind_cpa_public_key.f_A) + public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A) randomness in ciphertext_result.f_value == ciphertext /\ shared_secret_array == shared_secret) @@ -418,13 +436,15 @@ val decapsulate Spec.MLKEM.ind_cca_unpack_decapsulate v_K key_pair.f_public_key.f_public_key_hash key_pair.f_private_key.f_implicit_rejection_value - ciphertext.f_value + ciphertext.Libcrux_ml_kem.Types.f_value (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - key_pair.f_private_key.f_ind_cpa_private_key.f_secret_as_ntt) + key_pair.f_private_key.f_ind_cpa_private_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - key_pair.f_public_key.f_ind_cpa_public_key.f_t_as_ntt) + key_pair.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector - key_pair.f_public_key.f_ind_cpa_public_key.f_A)) + key_pair.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index cf7a49d91..baac26d0c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst 
@@ -636,21 +636,27 @@ let generate_keypair_unpacked Spec.MLKEM.ind_cpa_generate_keypair_unpacked v_K key_generation_seed in assert (valid ==> - ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key.f_t_as_ntt) == - t_as_ntt) /\ (public_key.f_seed_for_A == seed_for_A) /\ - (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.f_A == matrix_A_as_ntt - ) /\ - ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector private_key.f_secret_as_ntt) == + ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) == + t_as_ntt) /\ (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A == seed_for_A) /\ + (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A == + matrix_A_as_ntt) /\ + ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K + #v_Vector + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt) == secret_as_ntt)); assert ((forall (i: nat). i < v v_K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key - .f_secret_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt i)) /\ (forall (i: nat). i < v v_K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i))) in private_key, public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 4759bf3b3..2354ccac2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti 
@@ -213,11 +213,17 @@ val generate_keypair_unpacked Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = temp_0_ in + let public_key_future:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K + v_Vector = + public_key_future + in let (((t_as_ntt, seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid = Spec.MLKEM.ind_cpa_generate_keypair_unpacked v_K key_generation_seed in (valid ==> - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key_future.f_t_as_ntt == + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K + #v_Vector + public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == t_as_ntt) /\ (public_key_future.f_seed_for_A == seed_for_A) /\ (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key_future.f_A == matrix_A_as_ntt) /\ @@ -233,7 +239,7 @@ val generate_keypair_unpacked (forall (i: nat). i < v v_K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i))) /// Serialize the secret key from the unpacked key pair generation. @@ -354,8 +360,12 @@ val encrypt_unpacked Spec.MLKEM.ind_cpa_encrypt_unpacked v_K message randomness - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector public_key.f_t_as_ntt) - (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.f_A)) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) + (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A)) val build_unpacked_public_key_mut (v_K v_T_AS_NTT_ENCODED_SIZE: usize) 
@@ -370,6 +380,10 @@ val build_unpacked_public_key_mut length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K) (ensures fun unpacked_public_key_future -> + let unpacked_public_key_future:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked + v_K v_Vector = + unpacked_public_key_future + in let unpacked_public_key_future:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = unpacked_public_key_future @@ -379,9 +393,11 @@ val build_unpacked_public_key_mut let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - unpacked_public_key_future.f_t_as_ntt == + unpacked_public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == t_as_ntt /\ valid ==> - Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector unpacked_public_key_future.f_A == + Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K + #v_Vector + unpacked_public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)) val build_unpacked_public_key @@ -402,9 +418,13 @@ val build_unpacked_public_key let t_as_ntt_bytes, seed_for_A = split public_key v_T_AS_NTT_ENCODED_SIZE in let t_as_ntt = Spec.MLKEM.vector_decode_12 #v_K t_as_ntt_bytes in let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector result.f_t_as_ntt == t_as_ntt /\ - valid ==> - Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector result.f_A == + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K + #v_Vector + result.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + t_as_ntt /\ valid ==> + Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K + #v_Vector + result.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)) val encrypt 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index 89285a5c8..eebdfcedb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -34,8 +34,8 @@ val serialized_public_key forall (i: nat). i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -68,9 +68,10 @@ val key_pair_serialized_public_key_mut (requires forall (i: nat). i < 4 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -83,9 +84,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 4 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index 223ba7022..b59106cca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -38,8 +38,8 @@ val serialized_public_key forall (i: nat). i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -72,9 +72,10 @@ val key_pair_serialized_public_key_mut (requires forall (i: nat). i < 4 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,9 +88,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 4 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index 08eb4ee09..45033e1d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti 
@@ -38,8 +38,8 @@ val serialized_public_key forall (i: nat). i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -72,9 +72,10 @@ val key_pair_serialized_public_key_mut (requires forall (i: nat). i < 4 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,9 +88,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 4 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index 79eadab70..351562191 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti @@ -34,8 +34,8 @@ val serialized_public_key forall (i: nat). i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -68,9 +68,10 @@ val key_pair_serialized_public_key_mut (requires forall (i: nat). i < 2 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -83,9 +84,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 2 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index 0d78e304b..654e7f647 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -38,8 +38,8 @@ val serialized_public_key forall (i: nat). i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -72,9 +72,10 @@ val key_pair_serialized_public_key_mut (requires forall (i: nat). i < 2 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,9 +88,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 2 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 8b44e885d..0971ec8be 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -38,8 +38,8 @@ val serialized_public_key forall (i: nat). i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -72,9 +72,10 @@ val key_pair_serialized_public_key_mut (requires forall (i: nat). i < 2 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,9 +88,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 2 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 63c57415e..39a6dac29 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti @@ -34,8 +34,8 @@ val serialized_public_key forall (i: nat). i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -69,9 +69,9 @@ val key_pair_serialized_public_key_mut (forall (i: nat). i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair - .f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i))) (fun _ -> Prims.l_True) @@ -84,9 +84,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 3 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 0aa06a36b..12d585a78 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -39,8 +39,8 @@ val serialized_public_key forall (i: nat). i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -74,9 +74,9 @@ val key_pair_serialized_public_key_mut (forall (i: nat). i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair - .f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i))) (fun _ -> Prims.l_True) 
@@ -89,9 +89,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 3 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index edc6849b2..961c4e8c8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -39,8 +39,8 @@ val serialized_public_key forall (i: nat). i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) @@ -74,9 +74,9 @@ val key_pair_serialized_public_key_mut (forall (i: nat). i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair - .f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i))) (fun _ -> Prims.l_True) 
@@ -89,9 +89,10 @@ val key_pair_serialized_public_key (requires forall (i: nat). i < 3 ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair.f_public_key - .f_ind_cpa_public_key - .f_t_as_ntt + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair + .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key + .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti deleted file mode 100644 index 1910c0b08..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti +++ /dev/null 
@@ -1,48 +0,0 @@ -module Libcrux_ml_kem.Types.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Traits in - () - -/// An unpacked ML-KEM IND-CPA Private Key -type t_IndCpaPrivateKeyUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { f_secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K } - -/// An unpacked ML-KEM IND-CPA Private Key -type t_IndCpaPublicKeyUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; - f_seed_for_A:t_Array u8 (sz 32); - f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K -} - -/// An unpacked ML-KEM IND-CCA Private Key -type t_MlKemPrivateKeyUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_ind_cpa_private_key:t_IndCpaPrivateKeyUnpacked v_K v_Vector; - f_implicit_rejection_value:t_Array u8 (sz 32) -} - -/// An unpacked ML-KEM IND-CCA Private Key -type t_MlKemPublicKeyUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_ind_cpa_public_key:t_IndCpaPublicKeyUnpacked v_K v_Vector; - f_public_key_hash:t_Array u8 (sz 32) -} - -/// An unpacked ML-KEM KeyPair -type t_MlKemKeyPairUnpacked - (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - = { - f_private_key:t_MlKemPrivateKeyUnpacked v_K v_Vector; - f_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector -} 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti deleted file mode 100644 index fe64003c4..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti +++ /dev/null @@ -1,30 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -val deserialize_11_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) - -val serialize_11_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - Prims.l_True - (fun _ -> Prims.l_True) - -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } - -val from_i16_array (array: t_Array i16 (sz 16)) - : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) - -val serialize_11_ (v: t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - -val to_i16_array (v: t_PortableVector) - : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) - -val zero: Prims.unit -> Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) - -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti deleted file mode 100644 index 4ed69770d..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti +++ /dev/null 
@@ -1,100 +0,0 @@ -module Libcrux_ml_kem.Vector.Portable.Serialize.Edited -// #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -// open Core -// open FStar.Mul - -// val deserialize_10_int (bytes: t_Slice u8) -// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_11_int (bytes: t_Slice u8) -// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_12_int (bytes: t_Slice u8) -// : Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) - -// val deserialize_4_int (bytes: t_Slice u8) -// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_5_int (bytes: t_Slice u8) -// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val serialize_10_int (v: t_Slice i16) -// : Prims.Pure (u8 & u8 & u8 & u8 & u8) -// (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) -// (ensures -// fun tuple -> -// let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in -// BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 4)) 10 (MkSeq.create5 tuple) 8) - -// val serialize_11_int (v: t_Slice i16) -// : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// (requires Seq.length v == 8 /\ (forall i. 
Rust_primitives.bounded (Seq.index v i) 11)) -// (ensures -// fun tuple -> -// let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in -// BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 8)) 11 (MkSeq.create11 tuple) 8) - -// val serialize_12_int (v: t_Slice i16) -// : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_4_int (v: t_Slice i16) -// : Prims.Pure (u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_5_int (v: t_Slice i16) -// : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) - -// val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) - -// val deserialize_1_ (v: t_Slice u8) -// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_10_ (bytes: t_Slice u8) -// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_11_ (bytes: t_Slice u8) -// : Prims.Pure 
Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_12_ (bytes: t_Slice u8) -// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_4_ (bytes: t_Slice u8) -// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// Prims.l_True -// (fun _ -> Prims.l_True) - -// val deserialize_5_ (bytes: t_Slice u8) -// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// Prims.l_True -// (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs index 649be46ae..e2390dccf 100644 --- a/libcrux-ml-kem/src/constant_time_ops.rs +++ b/libcrux-ml-kem/src/constant_time_ops.rs @@ -23,9 +23,9 @@ fn inz(value: u8) -> u8 { assert($value == zero); lognot_lemma $value; assert((~.$value +. (mk_u16 1)) == zero); - assert((Core.Num.impl__u16__wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) == zero); + assert(($u16::wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) == zero); logor_lemma $value zero; - assert(($value |. (Core.Num.impl__u16__wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) <: u16) == $value); + assert(($value |. ($u16::wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) <: u16) == $value); assert (v $result == v (($value >>! (mk_i32 8)))); assert ((v $value / pow2 8) == 0); assert ($result == (mk_u8 0)); 
@@ -40,7 +40,7 @@ fn inz(value: u8) -> u8 { assert ((v (~.$value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v $value)); assert ((v (~.$value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v $value)); assert ((v (~.$value) + 1)/pow2 8 = (pow2 8 - 1)); - assert (v ((Core.Num.impl__u16__wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) >>! (mk_i32 8)) = pow2 8 - 1); + assert (v (($u16::wrapping_add (~.$value <: u16) (mk_u16 1) <: u16) >>! (mk_i32 8)) = pow2 8 - 1); assert ($result = ones); logand_lemma (mk_u8 1) $result; assert ($res = (mk_u8 1)))"# diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 916ff78a3..955ed5e77 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs 
@@ -487,13 +487,14 @@ pub(crate) mod unpacked { $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\ $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K"#) )] - #[hax_lib::ensures(|result| - fstar!(r#"let (public_key_hash, (seed, (deserialized_pk, (matrix_A, valid)))) = + #[hax_lib::ensures(|result| { + let unpacked_public_key_future = future(unpacked_public_key); + {fstar!(r#"let (public_key_hash, (seed, (deserialized_pk, (matrix_A, valid)))) = Spec.MLKEM.ind_cca_unpack_public_key $K ${public_key}.f_value in (valid ==> - Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_A == matrix_A) /\ - Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_ind_cpa_public_key.f_t_as_ntt == deserialized_pk /\ - ${unpacked_public_key}_future.f_ind_cpa_public_key.f_seed_for_A == seed /\ - ${unpacked_public_key}_future.f_public_key_hash == public_key_hash"#)) + Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key_future.ind_cpa_public_key.A} == matrix_A) /\ + Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key_future.ind_cpa_public_key.t_as_ntt} == deserialized_pk /\ + ${unpacked_public_key_future.ind_cpa_public_key.seed_for_A} == seed /\ + ${unpacked_public_key_future.public_key_hash} == public_key_hash"#)}}) ] #[inline(always)] pub(crate) fn unpack_public_key< 
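Review bot: The rewritten ensures closure still names its argument `|result|` although nothing in the F* body refers to `$result`; the parallel hunks at L2050 and L2053 use `|_|` for the same shape, so `#[hax_lib::ensures(|_| {` would keep the three consistent and avoid suggesting the return value is part of the contract. The `future(unpacked_public_key)` binding plus typed `${…}` projections is a clear improvement over the string-spliced `_future` form, since hax now checks the field names. unpack_public_key's signature and body follow the hunk.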
@@ -531,18 +532,20 @@ pub(crate) mod unpacked { impl MlKemPublicKeyUnpacked { /// Get the serialized public key. #[inline(always)] - #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\ + #[requires(fstar!(r#"let ${self_} = self in + Spec.MLKEM.is_rank $K /\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\ (forall (i:nat). i < v $K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index - self.f_ind_cpa_public_key.f_t_as_ntt i))"#))] + ${self_.ind_cpa_public_key.t_as_ntt} i))"#))] #[ensures(|_| - fstar!(r#"${serialized}_future.f_value == + fstar!(r#"let ${self_} = self in + ${serialized}_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector - self.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_ind_cpa_public_key.f_seed_for_A)"#) + ${self_.ind_cpa_public_key.t_as_ntt})) + ${self_.ind_cpa_public_key.seed_for_A})"#) )] pub fn serialized_mut< const RANKED_BYTES_PER_RING_ELEMENT: usize, 
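Review bot: The `let ${self_} = self in` prelude added to the requires and ensures here is an idiom a reader will not decode without help: as far as I can tell hax rewrites `self` to `self_` in pre/post-conditions, and the F*-side `let` makes the two names coincide so that `${self_.ind_cpa_public_key.t_as_ntt}` can be projected with name checking. A one-line comment above each annotation, `// hax rewrites \`self\` to \`self_\` in contracts; the F* \`let\` aligns the two so typed field projections resolve`, would save the next maintainer that detour; the same prelude appears in the hunks at L2046, L2047 and L2048. Separately, `${serialized}_future.f_value` in this ensures (and in the L2047 hunk) keeps the old string-spliced `_future` form while the neighbouring hunk at L2044 switched to `future(...)`; `let serialized_future = future(serialized);` with `${serialized_future.value}` would make the migration uniform. serialized_mut's signature and body continue outside the hunk.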
@@ -560,17 +563,19 @@ pub(crate) mod unpacked { /// Get the serialized public key. #[inline(always)] - #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\ + #[requires(fstar!(r#"let ${self_} = self in + Spec.MLKEM.is_rank $K /\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\ (forall (i:nat). i < v $K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index - self.f_ind_cpa_public_key.f_t_as_ntt i))"#))] + ${self_.ind_cpa_public_key.t_as_ntt} i))"#))] #[ensures(|res| - fstar!(r#"${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K + fstar!(r#"let ${self_} = self in + ${res.value} == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector - self.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_ind_cpa_public_key.f_seed_for_A)"#) + ${self_.ind_cpa_public_key.t_as_ntt})) + ${self_.ind_cpa_public_key.seed_for_A})"#) )] pub fn serialized< const RANKED_BYTES_PER_RING_ELEMENT: usize, 
@@ -696,18 +701,20 @@ pub(crate) mod unpacked { /// Get the serialized public key. #[inline(always)] - #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\ + #[requires(fstar!(r#"let ${self_} = self in + Spec.MLKEM.is_rank $K /\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\ (forall (i:nat). i < v $K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index - self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))] + ${self_.public_key.ind_cpa_public_key.t_as_ntt} i))"#))] #[ensures(|_| - fstar!(r#"${serialized}_future.f_value == + fstar!(r#"let ${self_} = self in + ${serialized}_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector - self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)"#) + ${self_.public_key.ind_cpa_public_key.t_as_ntt})) + ${self_.public_key.ind_cpa_public_key.seed_for_A})"#) )] pub fn serialized_public_key_mut< const RANKED_BYTES_PER_RING_ELEMENT: usize, 
@@ -722,17 +729,19 @@ pub(crate) mod unpacked { /// Get the serialized public key. #[inline(always)] - #[requires(fstar!(r#"Spec.MLKEM.is_rank $K /\ + #[requires(fstar!(r#"let ${self_} = self in + Spec.MLKEM.is_rank $K /\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\ (forall (i:nat). i < v $K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index - self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))] + ${self_.public_key.ind_cpa_public_key.t_as_ntt} i))"#))] #[ensures(|res| - fstar!(r#"${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K + fstar!(r#"let ${self_} = self in + ${res}.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector - self.f_public_key.f_ind_cpa_public_key.f_t_as_ntt)) - self.f_public_key.f_ind_cpa_public_key.f_seed_for_A)"#) + ${self_.public_key.ind_cpa_public_key.t_as_ntt})) + ${self_.public_key.ind_cpa_public_key.seed_for_A})"#) )] pub fn serialized_public_key< const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -961,8 +970,8 @@ pub(crate) mod unpacked { #[hax_lib::ensures(|(ciphertext_result, shared_secret_array)| fstar!(r#"let (ciphertext, shared_secret) = Spec.MLKEM.ind_cca_unpack_encapsulate $K ${public_key}.f_public_key_hash - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_t_as_ntt) - (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_ind_cpa_public_key.f_A) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key.ind_cpa_public_key.t_as_ntt}) + (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key.ind_cpa_public_key.A}) $randomness in ${ciphertext_result}.f_value == ciphertext /\ $shared_secret_array == shared_secret"#)) 
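Review bot: The ensures in the serialized_public_key hunk still spells the result as `${res}.f_value`, whereas the sibling `serialized` method at L2046 was migrated to `${res.value}` in this same commit; the two should agree, `${res.value} == Seq.append (Spec.MLKEM.vector_encode_12 #$K`. The string-spliced form bypasses hax's field-name checking, so a later rename of `value` would only surface when the F* extraction fails to typecheck. serialized_public_key's body continues outside the hunk.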
@@ -1039,12 +1048,12 @@ pub(crate) mod unpacked { $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"#))] #[hax_lib::ensures(|result| fstar!(r#"$result == - Spec.MLKEM.ind_cca_unpack_decapsulate $K ${key_pair}.f_public_key.f_public_key_hash - ${key_pair}.f_private_key.f_implicit_rejection_value - ${ciphertext}.f_value - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair}.f_private_key.f_ind_cpa_private_key.f_secret_as_ntt) - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt) - (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${key_pair}.f_public_key.f_ind_cpa_public_key.f_A)"#)) + Spec.MLKEM.ind_cca_unpack_decapsulate $K ${key_pair.public_key.public_key_hash} + ${key_pair.private_key.implicit_rejection_value} + ${ciphertext.value} + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair.private_key.ind_cpa_private_key.secret_as_ntt}) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${key_pair.public_key.ind_cpa_public_key.t_as_ntt}) + (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${key_pair.public_key.ind_cpa_public_key.A})"#)) ] pub(crate) fn decapsulate< const K: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 5c41ca234..489a15cdb 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs 
@@ -470,16 +470,19 @@ fn sample_vector_cbd_then_ntt_out< $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\ length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"#))] -#[hax_lib::ensures(|_| fstar!(r#"let ((((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid) = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in - (valid ==> (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}_future.f_t_as_ntt == t_as_ntt) /\ +#[hax_lib::ensures(|_| + { + let public_key_future = future(public_key); + {fstar!(r#"let ((((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid) = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in + (valid ==> (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key_future.t_as_ntt} == t_as_ntt) /\ (${public_key}_future.f_seed_for_A == seed_for_A) /\ (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}_future.f_A == matrix_A_as_ntt) /\ (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key}_future.f_secret_as_ntt == secret_as_ntt)) /\ (forall (i:nat). i < v $K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\ (forall (i:nat). i < v $K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key}_future.f_t_as_ntt i)) -"#))] + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key_future.t_as_ntt} i)) +"#)}})] #[inline(always)] pub(crate) fn generate_keypair_unpacked< const K: usize, 
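Review bot: The ensures clause is only half migrated: `t_as_ntt` goes through `future(public_key)` and a typed projection, but `${public_key}_future.f_seed_for_A`, `${public_key}_future.f_A` and the two `${private_key}_future.f_secret_as_ntt` occurrences in the same annotation still use the string-spliced `_future` form. Binding `let private_key_future = future(private_key);` next to the existing binding and projecting `${public_key_future.seed_for_A}`, `${public_key_future.A}` and `${private_key_future.secret_as_ntt}` would let hax name-check the whole postcondition instead of half of it. I am assuming `private_key` is a `&mut` parameter, as the existing `_future` suffix implies; generate_keypair_unpacked's signature and body follow the hunk.
```rust
#[hax_lib::ensures(|_|
    {
    let public_key_future = future(public_key);
    let private_key_future = future(private_key);
    {fstar!(r#"// … unchanged: spec destructuring and the t_as_ntt conjunct …
        (${public_key_future.seed_for_A} == seed_for_A) /\
        (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key_future.A} == matrix_A_as_ntt) /\
        (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key_future.secret_as_ntt} == secret_as_ntt)) /\
    (forall (i:nat). i < v $K ==>
        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key_future.secret_as_ntt} i)) /\
    (forall (i:nat). i < v $K ==>
        Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key_future.t_as_ntt} i))
"#)}})]
```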
@@ -537,15 +540,15 @@ pub(crate) fn generate_keypair_unpacked< r#"let (((t_as_ntt,seed_for_A), matrix_A_as_ntt), secret_as_ntt), valid = Spec.MLKEM.ind_cpa_generate_keypair_unpacked $K $key_generation_seed in assert (valid ==> - ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector public_key.f_t_as_ntt) == - t_as_ntt) /\ (public_key.f_seed_for_A == seed_for_A) /\ - (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector public_key.f_A == matrix_A_as_ntt) /\ - ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector private_key.f_secret_as_ntt) == + ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key.t_as_ntt}) == + t_as_ntt) /\ (${public_key.seed_for_A} == seed_for_A) /\ + (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key.A} == matrix_A_as_ntt) /\ + ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${private_key.secret_as_ntt}) == secret_as_ntt)); assert ((forall (i: nat). i < v $K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key.f_secret_as_ntt i)) /\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key.secret_as_ntt} i)) /\ (forall (i: nat). i < v $K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key.f_t_as_ntt i)))"# + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key.t_as_ntt} i)))"# ); // For encapsulation, we need to store A not Aˆ, and so we untranspose A 
@@ -740,8 +743,8 @@ fn compress_then_serialize_u< length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"#))] #[hax_lib::ensures(|result| fstar!(r#"$result == Spec.MLKEM.ind_cpa_encrypt_unpacked $K $message $randomness - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key}.f_t_as_ntt) - (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key}.f_A)"#) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${public_key.t_as_ntt}) + (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${public_key.A})"#) )] #[inline(always)] pub(crate) fn encrypt_unpacked< @@ -909,8 +912,8 @@ pub(crate) fn encrypt< let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${result}.f_t_as_ntt == t_as_ntt /\ - valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result}.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"#))] + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${result.t_as_ntt} == t_as_ntt /\ + valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result.A} == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"#))] fn build_unpacked_public_key< const K: usize, const T_AS_NTT_ENCODED_SIZE: usize, 
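Review bot: In the build_unpacked_public_key ensures, the conjunct `(… ${result.t_as_ntt} == t_as_ntt /\ valid ==> … ${result.A} == …)` groups, under F*'s precedence where `/\` binds tighter than `==>`, as `(t_as_ntt-equality /\ valid) ==> A-equality`, which makes the `t_as_ntt` equality a hypothesis rather than a guarantee — unless I am misreading the intent, which elsewhere in this commit (the L2044 and L2050 hunks) is written with explicit parentheses as `equality /\ (valid ==> equality)`. Making the grouping explicit removes the ambiguity: `(Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${result.t_as_ntt} == t_as_ntt /\` followed by `(valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${result.A} == Spec.MLKEM.matrix_transpose matrix_A_as_ntt))`. The same conjunct appears in the build_unpacked_public_key_mut hunk at L2053 with `${unpacked_public_key_future.…}` in place of `${result.…}`. Both functions' signatures and bodies continue past their hunks.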
@@ -931,12 +934,14 @@ fn build_unpacked_public_key< #[hax_lib::requires(fstar!(r#"Spec.MLKEM.is_rank $K /\ $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\ length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K"#))] -#[hax_lib::ensures(|_| fstar!(r#" +#[hax_lib::ensures(|_| { + let unpacked_public_key_future = future(unpacked_public_key); + {fstar!(r#" let (t_as_ntt_bytes, seed_for_A) = split public_key $T_AS_NTT_ENCODED_SIZE in let t_as_ntt = Spec.MLKEM.vector_decode_12 #$K t_as_ntt_bytes in let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #$K seed_for_A in - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key}_future.f_t_as_ntt == t_as_ntt /\ - valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key}_future.f_A == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"#))] + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector ${unpacked_public_key_future.t_as_ntt} == t_as_ntt /\ + valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #$K #$:Vector ${unpacked_public_key_future.A} == Spec.MLKEM.matrix_transpose matrix_A_as_ntt)"#)}})] pub(crate) fn build_unpacked_public_key_mut< const K: usize, const T_AS_NTT_ENCODED_SIZE: usize, diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 7976f095e..ca8dacc76 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -265,7 +265,7 @@ macro_rules! instantiate { /// Get the serialized public key. #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index - ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"#))] + ${public_key.ind_cpa_public_key.t_as_ntt} i)"#))] pub fn serialized_public_key( public_key: &MlKem1024PublicKeyUnpacked, serialized: &mut MlKem1024PublicKey, 
@@ -289,7 +289,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 4 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
+ ${key_pair.public_key.ind_cpa_public_key.t_as_ntt} i)"#))]
 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem1024KeyPairUnpacked, serialized: &mut MlKem1024PublicKey) {
 key_pair.serialized_public_key_mut::(serialized);
 }
@@ -297,7 +297,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 4 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
+ ${key_pair.public_key.ind_cpa_public_key.t_as_ntt} i)"#))]
 pub fn key_pair_serialized_public_key(key_pair: &MlKem1024KeyPairUnpacked) ->MlKem1024PublicKey {
 key_pair.serialized_public_key::()
 }
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index 52cfa2543..c5d253310 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -255,7 +255,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 2 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
+ ${public_key.ind_cpa_public_key.t_as_ntt} i)"#))]
 pub fn serialized_public_key(
 public_key: &MlKem512PublicKeyUnpacked,
 serialized: &mut MlKem512PublicKey,
@@ -279,7 +279,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 2 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
+ ${key_pair.public_key.ind_cpa_public_key.t_as_ntt} i)"#))]
 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem512KeyPairUnpacked, serialized: &mut MlKem512PublicKey) {
 key_pair.serialized_public_key_mut::(serialized);
 }
@@ -287,7 +287,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 2 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
+ ${key_pair.public_key.ind_cpa_public_key.t_as_ntt} i)"#))]
 pub fn key_pair_serialized_public_key(key_pair: &MlKem512KeyPairUnpacked) ->MlKem512PublicKey {
 key_pair.serialized_public_key::()
 }
diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs
index a96c83304..25ad7ed28 100644
--- a/libcrux-ml-kem/src/mlkem768.rs
+++ b/libcrux-ml-kem/src/mlkem768.rs
@@ -256,7 +256,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 3 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${public_key}.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
+ ${public_key.ind_cpa_public_key.t_as_ntt} i)"#))]
 pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked, serialized : &mut MlKem768PublicKey) {
 public_key.serialized_mut::(serialized);
 }
@@ -274,7 +274,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"(forall (i:nat). i < 3 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i))"#))]
+ ${key_pair.public_key.ind_cpa_public_key.t_as_ntt} i))"#))]
 pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem768KeyPairUnpacked, serialized: &mut MlKem768PublicKey) {
 key_pair.serialized_public_key_mut::(serialized);
 }
@@ -282,7 +282,7 @@ macro_rules! instantiate {
 /// Get the serialized public key.
 #[hax_lib::requires(fstar!(r#"forall (i:nat). i < 3 ==>
 Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index
- ${key_pair}.f_public_key.f_ind_cpa_public_key.f_t_as_ntt i)"#))]
+ ${key_pair.public_key.ind_cpa_public_key.t_as_ntt} i)"#))]
 pub fn key_pair_serialized_public_key(key_pair: &MlKem768KeyPairUnpacked) ->MlKem768PublicKey {
 key_pair.serialized_public_key::()
 }
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index f20498185..0f47d2555 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -13,7 +13,7 @@ macro_rules! impl_generic_struct {
 
 #[hax_lib::attributes]
 impl AsRef<[u8]> for $name {
-#[ensures(|result| fstar!(r#"$result = self___.f_value"#))]
+#[ensures(|result| fstar!(r#"$result = ${self_}.f_value"#))]
 fn as_ref(&self) -> &[u8] {
 &self.value
 }
diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs
index f8320e1d0..6302fb3be 100644
--- a/libcrux-ml-kem/src/vector/avx2/sampling.rs
+++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs
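Review bot: The `as_ref` ensures in types.rs keeps the field access outside the interpolation, `${self_}.f_value`, while every other hunk in this commit moves the access inside and drops the extracted `f_` prefix (`${public_key.t_as_ntt}`, `${result.A}`). If hax accepts `self_` in that position, `${self_.value}` would be the consistent spelling and would stop hard-coding the F* field name in a Rust source file. If `self_` cannot be interpolated that way, a one-line comment saying so would keep the next reader from "fixing" it during the next rename. The impl block continues outside the hunk.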
@@ -34,12 +34,12 @@ pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize {
 hax_lib::fstar!(
 r#"assert (v (cast (${good}.[ sz 0 ] <: u8) <: usize) < 256);
 assert (v (cast (${good}.[ sz 1 ] <: u8) <: usize) < 256);
- // We need to provide a definition or post-condition for Core.Num.impl__u8__count_ones
- assume (v (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize) <= 8);
- assume (v (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 1 ]) <: usize) <= 8);
+ // We need to provide a definition or post-condition for ${u8::count_ones}
+ assume (v (cast (${u8::count_ones} ${good}.[ sz 0 ]) <: usize) <= 8);
+ assume (v (cast (${u8::count_ones} ${good}.[ sz 1 ]) <: usize) <= 8);
 assume (Core.Ops.Index.f_index_pre output ({
- Core.Ops.Range.f_start = cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize;
- Core.Ops.Range.f_end = (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize) +! sz 8 }))"#
+ Core.Ops.Range.f_start = cast (${u8::count_ones} ${good}.[ sz 0 ]) <: usize;
+ Core.Ops.Range.f_end = (cast (${u8::count_ones} ${good}.[ sz 0 ]) <: usize) +! sz 8 }))"#
 );
 
 // Each bit (and its corresponding position) represents an element we
From 39f2dbf51d440a346d0a8a1a4f5637c4ef086899 Mon Sep 17 00:00:00 2001
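Review bot: The three `assume`s in `rejection_sample` survive the renaming unchanged, and the last one, `assume (Core.Ops.Index.f_index_pre output ({ … f_start = … count_ones … ; f_end = … +! sz 8 }))`, admits a bounds fact about `output` that nothing in the hunk justifies: as I read it, it asserts that `output` has at least eight elements available from the write offset. That assumption belongs at the API boundary, as a `hax_lib::requires` on `rejection_sample` relating the length of `output` to `input`, or failing that in a comment right above the assume stating the minimum length being relied on, so that the admit is visible rather than buried in the proof string. The two `count_ones <= 8` assumes hold for any `u8`, so once hax provides a specification for `${u8::count_ones}` they can become `assert`s; the existing comment says as much, and a pointer to wherever that gap is tracked would help. `rejection_sample` begins and ends outside the hunk.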
From: Maxime Buyse Date: Thu, 30 Jan 2025 15:28:56 +0100 Subject: [PATCH 15/15] Update F* output with latest hax (after merging new naming). --- .../Libcrux_intrinsics.Arm64_extract.fst | 309 ++++--- .../Libcrux_intrinsics.Arm64_extract.fsti | 154 ++-- .../Libcrux_intrinsics.Avx2_extract.fst | 12 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 134 +-- .../extraction/Libcrux_ml_dsa.Arithmetic.fst | 4 +- .../extraction/Libcrux_ml_dsa.Arithmetic.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Constants.fst | 4 +- .../extraction/Libcrux_ml_dsa.Constants.fsti | 4 +- .../extraction/Libcrux_ml_dsa.Encoding.T1.fst | 12 +- .../Libcrux_ml_dsa.Encoding.T1.fsti | 4 +- ...generic.Instantiations.Avx2.Ml_dsa_44_.fst | 24 +- ...eneric.Instantiations.Avx2.Ml_dsa_44_.fsti | 12 +- ...generic.Instantiations.Avx2.Ml_dsa_65_.fst | 24 +- ...eneric.Instantiations.Avx2.Ml_dsa_65_.fsti | 12 +- ...generic.Instantiations.Avx2.Ml_dsa_87_.fst | 24 +- ...eneric.Instantiations.Avx2.Ml_dsa_87_.fsti | 12 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst | 4 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst | 4 +- ...bcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst | 4 +- .../extraction/Libcrux_ml_dsa.Sample.fst | 8 +- .../Libcrux_ml_dsa.Samplex4.Avx2.fst | 4 +- .../Libcrux_ml_dsa.Samplex4.Avx2.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst | 6 +- .../Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti | 2 +- ...ibcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst | 8 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti | 8 +- ...bcrux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fst | 12 +- ...crux_ml_dsa.Simd.Avx2.Encoding.Gamma1.fsti | 16 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fst | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T0.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fst | 2 +- .../Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti | 24 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fst | 64 +- .../Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti | 24 +- 
...md.Avx2.Rejection_sample.Less_than_eta.fst | 4 +- ...jection_sample.Less_than_field_modulus.fst | 6 +- ...ection_sample.Less_than_field_modulus.fsti | 2 +- .../extraction/Libcrux_ml_dsa.Simd.Avx2.fst | 16 +- ...ibcrux_ml_dsa.Simd.Portable.Arithmetic.fst | 19 +- ...bcrux_ml_dsa.Simd.Portable.Arithmetic.fsti | 6 +- ...ux_ml_dsa.Simd.Portable.Encoding.Error.fst | 51 +- ...x_ml_dsa.Simd.Portable.Encoding.Error.fsti | 8 +- ...x_ml_dsa.Simd.Portable.Encoding.Gamma1.fst | 34 +- ..._ml_dsa.Simd.Portable.Encoding.Gamma1.fsti | 16 +- ...bcrux_ml_dsa.Simd.Portable.Encoding.T0.fst | 16 +- ...crux_ml_dsa.Simd.Portable.Encoding.T0.fsti | 2 +- .../Libcrux_ml_dsa.Simd.Portable.Invntt.fsti | 20 +- .../Libcrux_ml_dsa.Simd.Portable.Ntt.fsti | 20 +- .../Libcrux_ml_dsa.Simd.Portable.fst | 16 +- .../Libcrux_ml_dsa.Simd.Traits.fsti | 24 +- .../Libcrux_ml_kem.Constant_time_ops.fst | 14 +- .../Libcrux_ml_kem.Hash_functions.fsti | 4 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 22 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 58 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 2 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fst | 2 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 36 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 10 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 12 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 4 +- ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 6 +- ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 6 +- ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 6 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fst | 32 +- .../Libcrux_ml_kem.Mlkem1024.Rand.fsti | 20 +- ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 6 +- ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 6 +- ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 6 +- .../Libcrux_ml_kem.Mlkem512.Rand.fst | 32 +- .../Libcrux_ml_kem.Mlkem512.Rand.fsti | 20 +- ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 6 +- 
...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 6 +- ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 6 +- .../Libcrux_ml_kem.Mlkem768.Rand.fst | 32 +- .../Libcrux_ml_kem.Mlkem768.Rand.fsti | 20 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 22 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 8 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 4 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 4 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 6 +- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 12 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 28 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 12 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 234 ++--- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 64 +- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 56 +- .../Libcrux_ml_kem.Vector.Neon.Arithmetic.fst | 79 +- .../Libcrux_ml_kem.Vector.Neon.Compress.fst | 99 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 205 +++-- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 144 +-- ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 12 +- .../extraction/Libcrux_ml_kem.Vector.Neon.fst | 56 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 63 +- ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 2 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 22 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 866 +++++++++--------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 118 +-- .../Libcrux_ml_kem.Vector.Portable.fst | 56 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 98 +- 104 files changed, 1931 insertions(+), 1926 deletions(-)
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
index bfaed9cba..debc8ac70 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fst
@@ -1,391 +1,388 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul assume -val v__vdupq_n_s16': i: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vdupq_n_s16': i: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vdupq_n_s16 = v__vdupq_n_s16' +let e_vdupq_n_s16 = e_vdupq_n_s16' assume -val v__vdupq_n_u64': i: u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vdupq_n_u64': i: u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vdupq_n_u64 = v__vdupq_n_u64' +let e_vdupq_n_u64 = e_vdupq_n_u64' assume -val v__vst1q_s16': out: t_Slice i16 -> v: u8 +val e_vst1q_s16': out: t_Slice i16 -> v: u8 -> Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) -let v__vst1q_s16 = v__vst1q_s16' +let e_vst1q_s16 = e_vst1q_s16' assume -val v__vld1q_s16': array: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vld1q_s16': array: t_Slice i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vld1q_s16 = v__vld1q_s16' +let e_vld1q_s16 = e_vld1q_s16' assume -val v__vld1q_bytes_u64': array: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vld1q_bytes_u64': array: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vld1q_bytes_u64 = v__vld1q_bytes_u64' +let e_vld1q_bytes_u64 = e_vld1q_bytes_u64' assume -val v__vld1q_u64': array: t_Slice u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vld1q_u64': array: t_Slice u64 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vld1q_u64 = v__vld1q_u64' +let e_vld1q_u64 = e_vld1q_u64' assume -val v__vst1q_u64': out: t_Slice u64 -> v: u8 +val e_vst1q_u64': out: t_Slice u64 -> v: u8 -> Prims.Pure (t_Slice u64) Prims.l_True (fun _ -> Prims.l_True) -let v__vst1q_u64 = v__vst1q_u64' +let e_vst1q_u64 = e_vst1q_u64' assume -val v__vst1q_bytes_u64': out: t_Slice u8 -> v: u8 
+val e_vst1q_bytes_u64': out: t_Slice u8 -> v: u8 -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let v__vst1q_bytes_u64 = v__vst1q_bytes_u64' +let e_vst1q_bytes_u64 = e_vst1q_bytes_u64' assume -val v__vaddq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vaddq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vaddq_s16 = v__vaddq_s16' +let e_vaddq_s16 = e_vaddq_s16' assume -val v__vsubq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vsubq_s16': lhs: u8 -> rhs: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vsubq_s16 = v__vsubq_s16' +let e_vsubq_s16 = e_vsubq_s16' assume -val v__vmulq_n_s16': v: u8 -> c: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmulq_n_s16': v: u8 -> c: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmulq_n_s16 = v__vmulq_n_s16' +let e_vmulq_n_s16 = e_vmulq_n_s16' assume -val v__vmulq_n_u16': v: u8 -> c: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmulq_n_u16': v: u8 -> c: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmulq_n_u16 = v__vmulq_n_u16' +let e_vmulq_n_u16 = e_vmulq_n_u16' assume -val v__vshrq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshrq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshrq_n_s16 (v_SHIFT_BY: i32) = v__vshrq_n_s16' v_SHIFT_BY +let e_vshrq_n_s16 (v_SHIFT_BY: i32) = e_vshrq_n_s16' v_SHIFT_BY assume -val v__vshrq_n_u16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshrq_n_u16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshrq_n_u16 (v_SHIFT_BY: i32) = v__vshrq_n_u16' v_SHIFT_BY +let e_vshrq_n_u16 (v_SHIFT_BY: i32) = e_vshrq_n_u16' v_SHIFT_BY assume -val v__vshrq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 
Prims.l_True (fun _ -> Prims.l_True) +val e_vshrq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshrq_n_u64 (v_SHIFT_BY: i32) = v__vshrq_n_u64' v_SHIFT_BY +let e_vshrq_n_u64 (v_SHIFT_BY: i32) = e_vshrq_n_u64' v_SHIFT_BY assume -val v__vshlq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshlq_n_u64': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshlq_n_u64 (v_SHIFT_BY: i32) = v__vshlq_n_u64' v_SHIFT_BY +let e_vshlq_n_u64 (v_SHIFT_BY: i32) = e_vshlq_n_u64' v_SHIFT_BY assume -val v__vshlq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshlq_n_s16': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshlq_n_s16 (v_SHIFT_BY: i32) = v__vshlq_n_s16' v_SHIFT_BY +let e_vshlq_n_s16 (v_SHIFT_BY: i32) = e_vshlq_n_s16' v_SHIFT_BY assume -val v__vshlq_n_u32': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshlq_n_u32': v_SHIFT_BY: i32 -> v: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshlq_n_u32 (v_SHIFT_BY: i32) = v__vshlq_n_u32' v_SHIFT_BY +let e_vshlq_n_u32 (v_SHIFT_BY: i32) = e_vshlq_n_u32' v_SHIFT_BY assume -val v__vqdmulhq_n_s16': k: u8 -> b: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vqdmulhq_n_s16': k: u8 -> b: i16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vqdmulhq_n_s16 = v__vqdmulhq_n_s16' +let e_vqdmulhq_n_s16 = e_vqdmulhq_n_s16' assume -val v__vqdmulhq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vqdmulhq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vqdmulhq_s16 = v__vqdmulhq_s16' +let e_vqdmulhq_s16 = e_vqdmulhq_s16' assume -val v__vcgeq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vcgeq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True 
(fun _ -> Prims.l_True) -let v__vcgeq_s16 = v__vcgeq_s16' +let e_vcgeq_s16 = e_vcgeq_s16' assume -val v__vandq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vandq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vandq_s16 = v__vandq_s16' +let e_vandq_s16 = e_vandq_s16' assume -val v__vbicq_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vbicq_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vbicq_u64 = v__vbicq_u64' +let e_vbicq_u64 = e_vbicq_u64' assume -val v__vreinterpretq_s16_u16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s16_u16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s16_u16 = v__vreinterpretq_s16_u16' +let e_vreinterpretq_s16_u16 = e_vreinterpretq_s16_u16' assume -val v__vreinterpretq_u16_s16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_u16_s16': m0: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_u16_s16 = v__vreinterpretq_u16_s16' +let e_vreinterpretq_u16_s16 = e_vreinterpretq_u16_s16' assume -val v__vmulq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmulq_s16': v: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmulq_s16 = v__vmulq_s16' +let e_vmulq_s16 = e_vmulq_s16' assume -val v__veorq_s16': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_veorq_s16': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__veorq_s16 = v__veorq_s16' +let e_veorq_s16 = e_veorq_s16' assume -val v__veorq_u64': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_veorq_u64': mask: u8 -> shifted: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__veorq_u64 = v__veorq_u64' +let e_veorq_u64 = e_veorq_u64' assume -val 
v__vdupq_n_u32': value: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vdupq_n_u32': value: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vdupq_n_u32 = v__vdupq_n_u32' +let e_vdupq_n_u32 = e_vdupq_n_u32' assume -val v__vaddq_u32': compressed: u8 -> half: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vaddq_u32': compressed: u8 -> half: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vaddq_u32 = v__vaddq_u32' +let e_vaddq_u32 = e_vaddq_u32' assume -val v__vreinterpretq_s32_u32': compressed: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s32_u32': compressed: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s32_u32 = v__vreinterpretq_s32_u32' +let e_vreinterpretq_s32_u32 = e_vreinterpretq_s32_u32' assume -val v__vqdmulhq_n_s32': a: u8 -> b: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vqdmulhq_n_s32': a: u8 -> b: i32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vqdmulhq_n_s32 = v__vqdmulhq_n_s32' +let e_vqdmulhq_n_s32 = e_vqdmulhq_n_s32' assume -val v__vreinterpretq_u32_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_u32_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_u32_s32 = v__vreinterpretq_u32_s32' +let e_vreinterpretq_u32_s32 = e_vreinterpretq_u32_s32' assume -val v__vshrq_n_u32': v_N: i32 -> a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshrq_n_u32': v_N: i32 -> a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshrq_n_u32 (v_N: i32) = v__vshrq_n_u32' v_N +let e_vshrq_n_u32 (v_N: i32) = e_vshrq_n_u32' v_N assume -val v__vandq_u32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vandq_u32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vandq_u32 = v__vandq_u32' +let e_vandq_u32 = e_vandq_u32' assume -val 
v__vreinterpretq_u32_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_u32_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_u32_s16 = v__vreinterpretq_u32_s16' +let e_vreinterpretq_u32_s16 = e_vreinterpretq_u32_s16' assume -val v__vreinterpretq_s16_u32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s16_u32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s16_u32 = v__vreinterpretq_s16_u32' +let e_vreinterpretq_s16_u32 = e_vreinterpretq_s16_u32' assume -val v__vtrn1q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn1q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn1q_s16 = v__vtrn1q_s16' +let e_vtrn1q_s16 = e_vtrn1q_s16' assume -val v__vtrn2q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn2q_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn2q_s16 = v__vtrn2q_s16' +let e_vtrn2q_s16 = e_vtrn2q_s16' assume -val v__vmulq_n_u32': a: u8 -> b: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmulq_n_u32': a: u8 -> b: u32 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmulq_n_u32 = v__vmulq_n_u32' +let e_vmulq_n_u32 = e_vmulq_n_u32' assume -val v__vtrn1q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn1q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn1q_s32 = v__vtrn1q_s32' +let e_vtrn1q_s32 = e_vtrn1q_s32' assume -val v__vreinterpretq_s16_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s16_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s16_s32 = v__vreinterpretq_s16_s32' +let e_vreinterpretq_s16_s32 = e_vreinterpretq_s16_s32' assume -val v__vreinterpretq_s32_s16': a: u8 -> Prims.Pure u8 
Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s32_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s32_s16 = v__vreinterpretq_s32_s16' +let e_vreinterpretq_s32_s16 = e_vreinterpretq_s32_s16' assume -val v__vtrn2q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn2q_s32': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn2q_s32 = v__vtrn2q_s32' +let e_vtrn2q_s32 = e_vtrn2q_s32' assume -val v__vtrn1q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn1q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn1q_s64 = v__vtrn1q_s64' +let e_vtrn1q_s64 = e_vtrn1q_s64' assume -val v__vtrn1q_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn1q_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn1q_u64 = v__vtrn1q_u64' +let e_vtrn1q_u64 = e_vtrn1q_u64' assume -val v__vreinterpretq_s16_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s16_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s16_s64 = v__vreinterpretq_s16_s64' +let e_vreinterpretq_s16_s64 = e_vreinterpretq_s16_s64' assume -val v__vreinterpretq_s64_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s64_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s64_s16 = v__vreinterpretq_s64_s16' +let e_vreinterpretq_s64_s16 = e_vreinterpretq_s64_s16' assume -val v__vtrn2q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn2q_s64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn2q_s64 = v__vtrn2q_s64' +let e_vtrn2q_s64 = e_vtrn2q_s64' assume -val v__vtrn2q_u64': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vtrn2q_u64': a: u8 -> 
b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vtrn2q_u64 = v__vtrn2q_u64' +let e_vtrn2q_u64 = e_vtrn2q_u64' assume -val v__vmull_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmull_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmull_s16 = v__vmull_s16' +let e_vmull_s16 = e_vmull_s16' assume -val v__vget_low_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vget_low_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vget_low_s16 = v__vget_low_s16' +let e_vget_low_s16 = e_vget_low_s16' assume -val v__vmull_high_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmull_high_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmull_high_s16 = v__vmull_high_s16' +let e_vmull_high_s16 = e_vmull_high_s16' assume -val v__vmlal_s16': a: u8 -> b: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmlal_s16': a: u8 -> b: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmlal_s16 = v__vmlal_s16' +let e_vmlal_s16 = e_vmlal_s16' assume -val v__vmlal_high_s16': a: u8 -> b: u8 -> c: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vmlal_high_s16': a: u8 -> b: u8 -> c: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vmlal_high_s16 = v__vmlal_high_s16' +let e_vmlal_high_s16 = e_vmlal_high_s16' assume -val v__vld1q_u8': ptr: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vld1q_u8': ptr: t_Slice u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vld1q_u8 = v__vld1q_u8' +let e_vld1q_u8 = e_vld1q_u8' assume -val v__vreinterpretq_u8_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_u8_s16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_u8_s16 = v__vreinterpretq_u8_s16' +let e_vreinterpretq_u8_s16 = 
e_vreinterpretq_u8_s16' assume -val v__vqtbl1q_u8': t: u8 -> idx: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vqtbl1q_u8': t: u8 -> idx: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vqtbl1q_u8 = v__vqtbl1q_u8' +let e_vqtbl1q_u8 = e_vqtbl1q_u8' assume -val v__vreinterpretq_s16_u8': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s16_u8': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s16_u8 = v__vreinterpretq_s16_u8' +let e_vreinterpretq_s16_u8 = e_vreinterpretq_s16_u8' assume -val v__vshlq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshlq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshlq_s16 = v__vshlq_s16' +let e_vshlq_s16 = e_vshlq_s16' assume -val v__vshlq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vshlq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vshlq_u16 = v__vshlq_u16' +let e_vshlq_u16 = e_vshlq_u16' assume -val v__vaddv_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) +val e_vaddv_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) -let v__vaddv_u16 = v__vaddv_u16' +let e_vaddv_u16 = e_vaddv_u16' assume -val v__vget_low_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vget_low_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vget_low_u16 = v__vget_low_u16' +let e_vget_low_u16 = e_vget_low_u16' assume -val v__vget_high_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vget_high_u16': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vget_high_u16 = v__vget_high_u16' +let e_vget_high_u16 = e_vget_high_u16' assume -val v__vaddvq_s16': a: u8 -> Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True) +val e_vaddvq_s16': a: u8 -> Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True) -let 
v__vaddvq_s16 = v__vaddvq_s16' +let e_vaddvq_s16 = e_vaddvq_s16' assume -val v__vsliq_n_s32': v_N: i32 -> a: u8 -> b: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vsliq_n_s32': v_N: i32 -> a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vsliq_n_s32 (v_N: i32) = v__vsliq_n_s32' v_N +let e_vsliq_n_s32 (v_N: i32) = e_vsliq_n_s32' v_N assume -val v__vreinterpretq_s64_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_s64_s32': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_s64_s32 = v__vreinterpretq_s64_s32' +let e_vreinterpretq_s64_s32 = e_vreinterpretq_s64_s32' assume -val v__vsliq_n_s64': v_N: i32 -> a: u8 -> b: u8 - -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vsliq_n_s64': v_N: i32 -> a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vsliq_n_s64 (v_N: i32) = v__vsliq_n_s64' v_N +let e_vsliq_n_s64 (v_N: i32) = e_vsliq_n_s64' v_N assume -val v__vreinterpretq_u8_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_u8_s64': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_u8_s64 = v__vreinterpretq_u8_s64' +let e_vreinterpretq_u8_s64 = e_vreinterpretq_u8_s64' assume -val v__vst1q_u8': out: t_Slice u8 -> v: u8 +val e_vst1q_u8': out: t_Slice u8 -> v: u8 -> Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let v__vst1q_u8 = v__vst1q_u8' +let e_vst1q_u8 = e_vst1q_u8' assume -val v__vdupq_n_u16': value: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vdupq_n_u16': value: u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vdupq_n_u16 = v__vdupq_n_u16' +let e_vdupq_n_u16 = e_vdupq_n_u16' assume -val v__vandq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vandq_u16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vandq_u16 = v__vandq_u16' +let 
e_vandq_u16 = e_vandq_u16' assume -val v__vreinterpretq_u16_u8': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vreinterpretq_u16_u8': a: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vreinterpretq_u16_u8 = v__vreinterpretq_u16_u8' +let e_vreinterpretq_u16_u8 = e_vreinterpretq_u16_u8' assume -val v__vld1q_u16': ptr: t_Slice u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vld1q_u16': ptr: t_Slice u16 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vld1q_u16 = v__vld1q_u16' +let e_vld1q_u16 = e_vld1q_u16' assume -val v__vcleq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val e_vcleq_s16': a: u8 -> b: u8 -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -let v__vcleq_s16 = v__vcleq_s16' +let e_vcleq_s16 = e_vcleq_s16' assume -val v__vaddvq_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) +val e_vaddvq_u16': a: u8 -> Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True) -let v__vaddvq_u16 = v__vaddvq_u16' +let e_vaddvq_u16 = e_vaddvq_u16' diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti index 9f1999bf3..df3c8d7a1 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti 
@@ -1,160 +1,160 @@ module Libcrux_intrinsics.Arm64_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
open Core open FStar.Mul
-val v__vdupq_n_s16 (i: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vdupq_n_s16 (i: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vdupq_n_u64 (i: u64) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vdupq_n_u64 (i: u64) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vst1q_s16 (out: t_Slice i16) (v: u8)
+val e_vst1q_s16 (out: t_Slice i16) (v: u8) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True)
-val v__vld1q_s16 (array: t_Slice i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vld1q_s16 (array: t_Slice i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vld1q_bytes_u64 (array: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vld1q_bytes_u64 (array: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vld1q_u64 (array: t_Slice u64) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vld1q_u64 (array: t_Slice u64) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vst1q_u64 (out: t_Slice u64) (v: u8)
+val e_vst1q_u64 (out: t_Slice u64) (v: u8) : Prims.Pure (t_Slice u64) Prims.l_True (fun _ -> Prims.l_True)
-val v__vst1q_bytes_u64 (out: t_Slice u8) (v: u8)
+val e_vst1q_bytes_u64 (out: t_Slice u8) (v: u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
-val v__vaddq_s16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vaddq_s16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vsubq_s16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vsubq_s16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmulq_n_s16 (v: u8) (c: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmulq_n_s16 (v: u8) (c: i16) 
: Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmulq_n_u16 (v: u8) (c: u16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmulq_n_u16 (v: u8) (c: u16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshrq_n_s16 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshrq_n_s16 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshrq_n_u16 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshrq_n_u16 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshrq_n_u64 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshrq_n_u64 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshlq_n_u64 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshlq_n_u64 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshlq_n_s16 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshlq_n_s16 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshlq_n_u32 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshlq_n_u32 (v_SHIFT_BY: i32) (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vqdmulhq_n_s16 (k: u8) (b: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vqdmulhq_n_s16 (k: u8) (b: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vqdmulhq_s16 (v c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vqdmulhq_s16 (v c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vcgeq_s16 (v c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vcgeq_s16 (v c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vandq_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> 
Prims.l_True)
+val e_vandq_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vbicq_u64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vbicq_u64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s16_u16 (m0: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s16_u16 (m0: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_u16_s16 (m0: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_u16_s16 (m0: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmulq_s16 (v c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmulq_s16 (v c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__veorq_s16 (mask shifted: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_veorq_s16 (mask shifted: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__veorq_u64 (mask shifted: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_veorq_u64 (mask shifted: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vdupq_n_u32 (value: u32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vdupq_n_u32 (value: u32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vaddq_u32 (compressed half: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vaddq_u32 (compressed half: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s32_u32 (compressed: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s32_u32 (compressed: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vqdmulhq_n_s32 (a: u8) (b: i32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vqdmulhq_n_s32 (a: u8) (b: i32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_u32_s32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_u32_s32 
(a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshrq_n_u32 (v_N: i32) (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshrq_n_u32 (v_N: i32) (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vandq_u32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vandq_u32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_u32_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_u32_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s16_u32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s16_u32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn1q_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn1q_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn2q_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn2q_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmulq_n_u32 (a: u8) (b: u32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmulq_n_u32 (a: u8) (b: u32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn1q_s32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn1q_s32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s16_s32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s16_s32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s32_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s32_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn2q_s32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn2q_s32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn1q_s64 (a b: u8) : 
Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn1q_s64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn1q_u64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn1q_u64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s16_s64 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s16_s64 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s64_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s64_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn2q_s64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn2q_s64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vtrn2q_u64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vtrn2q_u64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmull_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmull_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vget_low_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vget_low_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmull_high_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmull_high_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmlal_s16 (a b c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmlal_s16 (a b c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vmlal_high_s16 (a b c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vmlal_high_s16 (a b c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vld1q_u8 (ptr: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vld1q_u8 (ptr: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val 
v__vreinterpretq_u8_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_u8_s16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vqtbl1q_u8 (t idx: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vqtbl1q_u8 (t idx: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s16_u8 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s16_u8 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshlq_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshlq_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vshlq_u16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vshlq_u16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vaddv_u16 (a: u8) : Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
+val e_vaddv_u16 (a: u8) : Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
-val v__vget_low_u16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vget_low_u16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vget_high_u16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vget_high_u16 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vaddvq_s16 (a: u8) : Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True)
+val e_vaddvq_s16 (a: u8) : Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True)
-val v__vsliq_n_s32 (v_N: i32) (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vsliq_n_s32 (v_N: i32) (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_s64_s32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_s64_s32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vsliq_n_s64 (v_N: i32) (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vsliq_n_s64 (v_N: i32) (a b: u8) : 
Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_u8_s64 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_u8_s64 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vst1q_u8 (out: t_Slice u8) (v: u8)
+val e_vst1q_u8 (out: t_Slice u8) (v: u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
-val v__vdupq_n_u16 (value: u16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vdupq_n_u16 (value: u16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vandq_u16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vandq_u16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vreinterpretq_u16_u8 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vreinterpretq_u16_u8 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vld1q_u16 (ptr: t_Slice u16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vld1q_u16 (ptr: t_Slice u16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vcleq_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val e_vcleq_s16 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
-val v__vaddvq_u16 (a: u8) : Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
+val e_vaddvq_u16 (a: u8) : Prims.Pure u16 Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
index 611d1d272..fd61a1fe3 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst
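Review bot: The drop from `--z3rlimit 80` to `--z3rlimit 15` in the `#set-options` line at the top of this hunk is the only semantic change in it, and nothing in the commit (subject "ml-kem laxes", no body) says why; the same drop appears in the Avx2_extract.fst and Avx2_extract.fsti hunks that follow. For this interface it is harmless, since every `val` carries `Prims.l_True` as both pre- and postcondition and so issues no SMT query, but if the new value is a changed extractor default it also reaches regenerated modules that do carry proofs, where a budget five times smaller is the usual reason proofs start to depend on the solver version. A one-line rationale in the commit message, e.g. `Extracted #set-options: z3rlimit 80 -> 15 (<reason: new hax default / deliberate tightening>)`, would let a later reader tell an intended change from a regeneration artefact. Separately and pre-existing: every NEON vector value here is typed `u8` (e.g. `val e_vaddq_s16 (lhs rhs: u8)`), so these declarations cannot catch a lane-type mix-up between, say, an int16x8 and a uint64x2 register; this looks like a placeholder type from the Rust side, so the type guarantee must come from rustc rather than from these axioms, which is worth stating in whichever non-generated file documents the intrinsics model.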
@@ -1,13 +1,8 @@ module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
open Core open FStar.Mul
-assume
-val mm256_movemask_ps': a: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
-
-let mm256_movemask_ps = mm256_movemask_ps'
-
[@@ FStar.Tactics.Typeclasses.tcinstance] assume val impl': Core.Clone.t_Clone t_Vec256
@@ -231,6 +226,11 @@ val mm256_castsi256_ps': a: t_Vec256 -> Prims.Pure u8 Prims.l_True (fun _ -> Pri let mm256_castsi256_ps = mm256_castsi256_ps'
+assume
+val mm256_movemask_ps': a: u8 -> Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
+
+let mm256_movemask_ps = mm256_movemask_ps'
+
assume val mm_mulhi_epi16': lhs: t_Vec128 -> rhs: t_Vec128 -> Prims.Pure t_Vec128
diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
index 9252b7f24..815168c27 100644
--- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
+++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti
@@ -1,5 +1,5 @@ module Libcrux_intrinsics.Avx2_extract
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 80"
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
open Core open FStar.Mul
@@ -7,78 +7,16 @@ unfold type t_Vec256 = bit_vec 256 val vec256_as_i16x16 (x: bit_vec 256) : t_Array i16 (sz 16) let get_lane (v: bit_vec 256) (i:nat{i < 16}) = Seq.index (vec256_as_i16x16 v) i
-unfold type t_Vec128 = bit_vec 128
-val vec128_as_i16x8 (x: bit_vec 128) : t_Array i16 (sz 8)
-let get_lane128 (v: bit_vec 128) (i:nat{i < 8}) = Seq.index (vec128_as_i16x8 v) i
-
-include BitVec.Intrinsics {mm_storeu_bytes_si128}
-
-include BitVec.Intrinsics {mm_loadu_si128}
-
-include BitVec.Intrinsics {mm_set_epi8}
-
-include BitVec.Intrinsics {mm256_set_epi8}
-
-include BitVec.Intrinsics {mm256_set1_epi16 as mm256_set1_epi16}
-val lemma_mm256_set1_epi16 constant
- : Lemma ( vec256_as_i16x16 (mm256_set1_epi16 constant)
- == Spec.Utils.create (sz 16) constant
- )
- [SMTPat (vec256_as_i16x16 (mm256_set1_epi16 constant))]
-
-include BitVec.Intrinsics {mm256_set_epi16 as mm256_set_epi16}
-let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 :
- Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) ==
- Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15)
- [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit()
-
-include BitVec.Intrinsics {mm256_set_epi32}
-
-include BitVec.Intrinsics {mm256_madd_epi16 as mm256_madd_epi16}
-
-include BitVec.Intrinsics {mm256_mullo_epi16 as mm256_mullo_epi16}
-let lemma_mm256_mullo_epi16 v1 v2 :
- Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) ==
- Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2))
- [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit()
-
-val mm256_movemask_ps (a: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
-
-include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256}
-val lemma_mm256_and_si256 lhs rhs
- : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs)
- == Spec.Utils.map2 (&.) 
(vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)
- )
- [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))]
-
-include BitVec.Intrinsics {mm256_srli_epi16 as mm256_srli_epi16}
-
-include BitVec.Intrinsics {mm256_srli_epi64 as mm256_srli_epi64}
-
-include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16}
-
-include BitVec.Intrinsics {mm_shuffle_epi8}
-
-include BitVec.Intrinsics {mm256_shuffle_epi8}
-
-include BitVec.Intrinsics {mm256_castsi256_si128 as mm256_castsi256_si128}
-
-include BitVec.Intrinsics {mm_packs_epi16 as mm_packs_epi16}
-
-include BitVec.Intrinsics {mm256_extracti128_si256 as mm256_extracti128_si256}
-
-include BitVec.Intrinsics {mm_movemask_epi8 as mm_movemask_epi8}
-
-include BitVec.Intrinsics {mm256_permutevar8x32_epi32}
-
-include BitVec.Intrinsics {mm256_sllv_epi32}
-
[@@ FStar.Tactics.Typeclasses.tcinstance] val impl:Core.Clone.t_Clone t_Vec256 [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_1:Core.Marker.t_Copy t_Vec256
+unfold type t_Vec128 = bit_vec 128
+val vec128_as_i16x8 (x: bit_vec 128) : t_Array i16 (sz 8)
+let get_lane128 (v: bit_vec 128) (i:nat{i < 8}) = Seq.index (vec128_as_i16x8 v) i
+
[@@ FStar.Tactics.Typeclasses.tcinstance] val impl_3:Core.Clone.t_Clone t_Vec128
@@ -106,6 +44,10 @@ val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) val mm_storeu_si128_i32 (output: t_Slice i32) (vector: t_Vec128) : Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm_storeu_bytes_si128}
+
+include BitVec.Intrinsics {mm_loadu_si128}
+
val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
@@ -119,6 +61,23 @@ val mm256_setzero_si256: Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm256_set_m128i (hi lo: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm_set_epi8}
+
+include BitVec.Intrinsics {mm256_set_epi8}
+
+include BitVec.Intrinsics {mm256_set1_epi16 as mm256_set1_epi16}
+val lemma_mm256_set1_epi16 constant
+ : Lemma ( vec256_as_i16x16 (mm256_set1_epi16 constant)
+ == Spec.Utils.create (sz 16) constant
+ )
+ [SMTPat (vec256_as_i16x16 (mm256_set1_epi16 constant))]
+
+include BitVec.Intrinsics {mm256_set_epi16 as mm256_set_epi16}
+let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 :
+ Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) ==
+ Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15)
+ [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit()
+
val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True
@@ -132,6 +91,8 @@ val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm_set_epi32 (input3 input2 input1 input0: i32) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_set_epi32}
+
val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True
@@ -159,6 +120,8 @@ val mm256_add_epi16 (lhs rhs: t_Vec256) vec256_as_i16x16 result == Spec.Utils.map2 ( +. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs))
+include BitVec.Intrinsics {mm256_madd_epi16 as mm256_madd_epi16}
+
val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_sub_epi16 (lhs rhs: t_Vec256)
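Review bot: The relocated `lemma_mm256_set_epi16` is still discharged by `= admit()`, so after this move it remains an unproven assumption about the bit-vector model rather than a proved fact, and its `SMTPat` trigger feeds it into every proof that mentions `vec256_as_i16x16 (mm256_set_epi16 ...)`; the same applies to `lemma_mm256_mullo_epi16` in the `@@ -176,6 +139,12 @@` hunk below. Both admits are pre-existing (they are removed above and re-added here), but they sit in the interface of the intrinsics model that the AVX2 ML-KEM proofs presumably rest on, and the neighbouring `lemma_mm256_set1_epi16` and `lemma_mm256_and_si256` are `val`s that get their proof elsewhere, which makes the two admitted ones easy to overlook. I would mark each explicitly, e.g. `(* TRUSTED: lane order of mm256_set_epi16 vs Spec.Utils.create16 is admitted, not proved *)` above the first and the analogous line about `mul_mod` above the second, and list them wherever the project tracks admitted facts (placeholder: <tracking-issue>). Whether this .fsti is hand-maintained or regenerated by hax is not visible here; if it is regenerated, the comment belongs in the source these lemmas are copied from.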
@@ -176,6 +139,12 @@ val mm256_abs_epi32 (a: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> P val mm256_sub_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_mullo_epi16 as mm256_mullo_epi16}
+let lemma_mm256_mullo_epi16 v1 v2 :
+ Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) ==
+ Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2))
+ [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit()
+
val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True
@@ -195,6 +164,8 @@ val mm256_sign_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm256_castsi256_ps (a: t_Vec256) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True)
+val mm256_movemask_ps (a: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
+
val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True
@@ -225,6 +196,13 @@ val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_mul_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256}
+val lemma_mm256_and_si256 lhs rhs
+ : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs)
+ == Spec.Utils.map2 (&.) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)
+ )
+ [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))]
+
val mm256_or_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_testz_si256 (lhs rhs: t_Vec256) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
@@ -243,15 +221,25 @@ val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_srli_epi16 as mm256_srli_epi16}
+
val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm_srli_epi64 (v_SHIFT_BY: i32) (vector: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_srli_epi64 as mm256_srli_epi64}
+
+include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16}
+
val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm_shuffle_epi8}
+
+include BitVec.Intrinsics {mm256_shuffle_epi8}
+
val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
@@ -267,14 +255,20 @@ val mm256_unpacklo_epi32 (lhs rhs: t_Vec256) val mm256_unpackhi_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_castsi256_si128 as mm256_castsi256_si128}
+
val mm256_castsi128_si256 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm_packs_epi16 as mm_packs_epi16}
+
val mm256_packs_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_extracti128_si256 as mm256_extracti128_si256}
+
val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
@@ -287,6 +281,10 @@ val mm256_blend_epi32 (v_CONTROL: i32) (lhs rhs: t_Vec256) val vec256_blendv_epi32 (a b mask: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm_movemask_epi8 as mm_movemask_epi8}
+
+include BitVec.Intrinsics {mm256_permutevar8x32_epi32}
+
val mm256_srlv_epi32 (vector counts: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
@@ -296,6 +294,8 @@ val mm256_srlv_epi64 (vector counts: t_Vec256) val mm_sllv_epi32 (vector counts: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True)
+include BitVec.Intrinsics {mm256_sllv_epi32}
+
val mm256_slli_epi64 (v_LEFT: i32) (x: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst
index 7f5e53e48..ab9aeae13 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fst
@@ -435,7 +435,7 @@ let make_hint let hax_temp_output:usize = true_hints in hint, hax_temp_output <: (t_Slice (t_Array i32 (mk_usize 256)) & usize)
-let use_hint
+let uuse_hint (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1:
@@ -493,7 +493,7 @@ let use_hint Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tmp .Libcrux_ml_dsa.Polynomial.f_simd_units j
- (Libcrux_ml_dsa.Simd.Traits.f_use_hint #v_SIMDUnit
+ (Libcrux_ml_dsa.Simd.Traits.f_uuse_hint #v_SIMDUnit #FStar.Tactics.Typeclasses.solve gamma2 ((re_vector.[ i ]
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti
index b3a6bbd17..549389404 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Arithmetic.fsti
@@ -55,7 +55,7 @@ val make_hint (hint: t_Slice (t_Array i32 (mk_usize 256))) : Prims.Pure (t_Slice (t_Array i32 (mk_usize 256)) & usize) Prims.l_True (fun _ -> Prims.l_True)
-val use_hint
+val uuse_hint (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (gamma2: i32)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst
index afd911f5b..7614b3bc7 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fst
@@ -5,8 +5,8 @@ open FStar.Mul let t_Eta_cast_to_repr (x: t_Eta) = match x <: t_Eta with
- | Eta_Two -> discriminant_Eta_Two
- | Eta_Four -> discriminant_Eta_Four
+ | Eta_Two -> anon_const_Eta_Two__anon_const_0
+ | Eta_Four -> anon_const_Eta_Four__anon_const_0 [@@ FStar.Tactics.Typeclasses.tcinstance] assume
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti
index ecad79cfa..f2dae7aaa 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Constants.fsti
@@ -48,9 +48,9 @@ type t_Eta = | Eta_Two : t_Eta | Eta_Four : t_Eta
-let discriminant_Eta_Two: isize = mk_isize 2
+let anon_const_Eta_Two__anon_const_0: isize = mk_isize 2
-let discriminant_Eta_Four: isize = mk_isize 4
+let anon_const_Eta_Four__anon_const_0: isize = mk_isize 4 val t_Eta_cast_to_repr (x: t_Eta) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
index e157d9c43..4c68a6edf 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fst
@@ -31,10 +31,10 @@ let serialize let i, simd_unit:(usize & v_SIMDUnit) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({
- Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
+ Core.Ops.Range.f_start = i *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end =
- (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
+ (i +! mk_usize 1 <: usize) *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize)
@@ -42,10 +42,10 @@ let serialize #FStar.Tactics.Typeclasses.solve simd_unit (serialized.[ {
- Core.Ops.Range.f_start = i *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize;
+ Core.Ops.Range.f_start = i *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize; Core.Ops.Range.f_end =
- (i +! mk_usize 1 <: usize) *! serialize__OUTPUT_BYTES_PER_SIMD_UNIT <: usize
+ (i +! mk_usize 1 <: usize) *! serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT <: usize } <: Core.Ops.Range.t_Range usize ]
@@ -90,10 +90,10 @@ let deserialize (Libcrux_ml_dsa.Simd.Traits.f_t1_deserialize #v_SIMDUnit #FStar.Tactics.Typeclasses.solve (serialized.[ {
- Core.Ops.Range.f_start = i *! deserialize__WINDOW <: usize;
+ Core.Ops.Range.f_start = i *! deserialize__v_WINDOW <: usize; Core.Ops.Range.f_end =
- (i +! mk_usize 1 <: usize) *! deserialize__WINDOW <: usize
+ (i +! mk_usize 1 <: usize) *! deserialize__v_WINDOW <: usize } <: Core.Ops.Range.t_Range usize ]
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
index a7147ff3b..242d7ce5d 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Encoding.T1.fsti
@@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in ()
-let serialize__OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 10
+let serialize__v_OUTPUT_BYTES_PER_SIMD_UNIT: usize = mk_usize 10 val serialize (#v_SIMDUnit: Type0)
@@ -18,7 +18,7 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True)
-let deserialize__WINDOW: usize = mk_usize 10
+let deserialize__v_WINDOW: usize = mk_usize 10 val deserialize (#v_SIMDUnit: Type0)
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst
index cb9afcb00..b8ef9f0be 100644
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fst
@@ -17,7 +17,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in ()
-let generate_key_pair___inner
+let generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) =
@@ -42,14 +42,14 @@ let generate_key_pair (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) =
- generate_key_pair___inner randomness signing_key verification_key
+ generate_key_pair__e_inner randomness signing_key verification_key in let signing_key:t_Slice u8 = tmp0 in let verification_key:t_Slice u8 = tmp1 in let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8)
-let sign___inner
+let sign__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32))
@@ -65,9 +65,9 @@ let sign (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32))
- = sign___inner signing_key message context randomness
+ = sign__e_inner signing_key message context randomness
-let sign_mut___inner
+let sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32))
@@ -97,7 +97,7 @@ let sign_mut = let tmp0, out:(t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) =
- sign_mut___inner signing_key message context randomness signature
+ sign_mut__e_inner signing_key message context randomness signature in let signature:t_Array u8 (mk_usize 2420) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in
@@ -105,7 +105,7 @@ let sign_mut <: (t_Array u8 (mk_usize 2420) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError)
-let sign_pre_hashed_shake128___inner
+let sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32))
@@ -140,7 +140,7 @@ let sign_pre_hashed_shake128 let tmp0, out:(t_Slice u8 & Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) =
- sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness
+ sign_pre_hashed_shake128__e_inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420))
@@ -153,7 +153,7 @@ let sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) -let verify___inner +let verify__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) @@ -172,9 +172,9 @@ let verify (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) - = verify___inner verification_key message context signature + = verify__e_inner verification_key message context signature -let verify_pre_hashed_shake128___inner +let verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) @@ -203,7 +203,7 @@ let verify_pre_hashed_shake128 = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = - verify_pre_hashed_shake128___inner verification_key message context pre_hash_buffer signature + verify_pre_hashed_shake128__e_inner verification_key message context pre_hash_buffer signature in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti index cfeaf068f..4570122ac 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_44_.fsti 
@@ -18,7 +18,7 @@ let _ = () /// Key Generation. -val generate_key_pair___inner +val generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -28,7 +28,7 @@ val generate_key_pair (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val sign___inner +val sign__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -45,7 +45,7 @@ val sign (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val sign_mut___inner +val sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -68,7 +68,7 @@ val sign_mut Prims.l_True (fun _ -> Prims.l_True) -val sign_pre_hashed_shake128___inner +val sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 2560)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -87,7 +87,7 @@ val sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 2420)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val verify___inner +val verify__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) @@ -104,7 +104,7 @@ val verify Prims.l_True (fun _ -> Prims.l_True) -val verify_pre_hashed_shake128___inner +val verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1312)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 2420)) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst index 79e93f4d6..f832213b3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fst @@ -17,7 +17,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let generate_key_pair___inner +let generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = @@ -42,14 +42,14 @@ let generate_key_pair (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = - generate_key_pair___inner randomness signing_key verification_key + generate_key_pair__e_inner randomness signing_key verification_key in let signing_key:t_Slice u8 = tmp0 in let verification_key:t_Slice u8 = tmp1 in let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let sign___inner +let sign__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -65,9 +65,9 @@ let sign (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) - = sign___inner signing_key message context randomness + = sign__e_inner signing_key message context randomness -let sign_mut___inner +let sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) 
@@ -97,7 +97,7 @@ let sign_mut = let tmp0, out:(t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = - sign_mut___inner signing_key message context randomness signature + sign_mut__e_inner signing_key message context randomness signature in let signature:t_Array u8 (mk_usize 3309) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in @@ -105,7 +105,7 @@ let sign_mut <: (t_Array u8 (mk_usize 3309) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) -let sign_pre_hashed_shake128___inner +let sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -140,7 +140,7 @@ let sign_pre_hashed_shake128 let tmp0, out:(t_Slice u8 & Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) = - sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness + sign_pre_hashed_shake128__e_inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) @@ -153,7 +153,7 @@ let sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) -let verify___inner +let verify__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) 
@@ -172,9 +172,9 @@ let verify (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) - = verify___inner verification_key message context signature + = verify__e_inner verification_key message context signature -let verify_pre_hashed_shake128___inner +let verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) @@ -203,7 +203,7 @@ let verify_pre_hashed_shake128 = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = - verify_pre_hashed_shake128___inner verification_key message context pre_hash_buffer signature + verify_pre_hashed_shake128__e_inner verification_key message context pre_hash_buffer signature in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti index d9f007b05..8b009c73a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_65_.fsti @@ -18,7 +18,7 @@ let _ = () /// Key Generation. -val generate_key_pair___inner +val generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) 
@@ -28,7 +28,7 @@ val generate_key_pair (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val sign___inner +val sign__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -45,7 +45,7 @@ val sign (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val sign_mut___inner +val sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -68,7 +68,7 @@ val sign_mut Prims.l_True (fun _ -> Prims.l_True) -val sign_pre_hashed_shake128___inner +val sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4032)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -87,7 +87,7 @@ val sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 3309)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val verify___inner +val verify__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) @@ -104,7 +104,7 @@ val verify Prims.l_True (fun _ -> Prims.l_True) -val verify_pre_hashed_shake128___inner +val verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 1952)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 3309)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst index 87019dfe9..eb38f0f1a 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fst @@ -17,7 +17,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let generate_key_pair___inner +let generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) = @@ -42,14 +42,14 @@ let generate_key_pair (signing_key verification_key: t_Slice u8) = let tmp0, tmp1:(t_Slice u8 & t_Slice u8) = - generate_key_pair___inner randomness signing_key verification_key + generate_key_pair__e_inner randomness signing_key verification_key in let signing_key:t_Slice u8 = tmp0 in let verification_key:t_Slice u8 = tmp1 in let _:Prims.unit = () in signing_key, verification_key <: (t_Slice u8 & t_Slice u8) -let sign___inner +let sign__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -65,9 +65,9 @@ let sign (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) - = sign___inner signing_key message context randomness + = sign__e_inner signing_key message context randomness -let sign_mut___inner +let sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -97,7 +97,7 @@ let sign_mut = let tmp0, out:(t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) = - sign_mut___inner signing_key message context randomness signature + sign_mut__e_inner signing_key message context randomness signature in let signature:t_Array u8 (mk_usize 4627) = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError = out in 
@@ -105,7 +105,7 @@ let sign_mut <: (t_Array u8 (mk_usize 4627) & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_SigningError) -let sign_pre_hashed_shake128___inner +let sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -140,7 +140,7 @@ let sign_pre_hashed_shake128 let tmp0, out:(t_Slice u8 & Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) = - sign_pre_hashed_shake128___inner signing_key message context pre_hash_buffer randomness + sign_pre_hashed_shake128__e_inner signing_key message context pre_hash_buffer randomness in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) @@ -153,7 +153,7 @@ let sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) -let verify___inner +let verify__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) @@ -172,9 +172,9 @@ let verify (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) - = verify___inner verification_key message context signature + = verify__e_inner verification_key message context signature -let verify_pre_hashed_shake128___inner +let verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) 
@@ -203,7 +203,7 @@ let verify_pre_hashed_shake128 = let tmp0, out:(t_Slice u8 & Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError) = - verify_pre_hashed_shake128___inner verification_key message context pre_hash_buffer signature + verify_pre_hashed_shake128__e_inner verification_key message context pre_hash_buffer signature in let pre_hash_buffer:t_Slice u8 = tmp0 in let hax_temp_output:Core.Result.t_Result Prims.unit Libcrux_ml_dsa.Types.t_VerificationError = diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti index 330b40dca..44a9e3b94 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Instantiations.Avx2.Ml_dsa_87_.fsti @@ -18,7 +18,7 @@ let _ = () /// Key Generation. -val generate_key_pair___inner +val generate_key_pair__e_inner (randomness: t_Array u8 (mk_usize 32)) (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -28,7 +28,7 @@ val generate_key_pair (signing_key verification_key: t_Slice u8) : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val sign___inner +val sign__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -45,7 +45,7 @@ val sign (Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val sign_mut___inner +val sign_mut__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) 
@@ -68,7 +68,7 @@ val sign_mut Prims.l_True (fun _ -> Prims.l_True) -val sign_pre_hashed_shake128___inner +val sign_pre_hashed_shake128__e_inner (signing_key: t_Array u8 (mk_usize 4896)) (message context pre_hash_buffer: t_Slice u8) (randomness: t_Array u8 (mk_usize 32)) @@ -87,7 +87,7 @@ val sign_pre_hashed_shake128 Core.Result.t_Result (Libcrux_ml_dsa.Types.t_MLDSASignature (mk_usize 4627)) Libcrux_ml_dsa.Types.t_SigningError) Prims.l_True (fun _ -> Prims.l_True) -val verify___inner +val verify__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) @@ -104,7 +104,7 @@ val verify Prims.l_True (fun _ -> Prims.l_True) -val verify_pre_hashed_shake128___inner +val verify_pre_hashed_shake128__e_inner (verification_key: t_Array u8 (mk_usize 2592)) (message context pre_hash_buffer: t_Slice u8) (signature: t_Array u8 (mk_usize 4627)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst index 7d85c0b7d..c9487a205 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_44_.fst @@ -395,7 +395,7 @@ let sign_internal Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 4)) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 (mk_usize 32)) & u16 & 
@@ -1018,7 +1018,7 @@ let verify_internal Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 4) = - Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit + Libcrux_ml_dsa.Arithmetic.uuse_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_44_.v_GAMMA2 (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst index e6ac00e9f..cd6ec9f14 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_65_.fst @@ -395,7 +395,7 @@ let sign_internal Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 6)) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 5))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 (mk_usize 48)) & u16 & @@ -1018,7 +1018,7 @@ let verify_internal Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 48) in let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 6) = - Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit + Libcrux_ml_dsa.Arithmetic.uuse_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_65_.v_GAMMA2 (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst index e1d512805..52308bce9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Ml_dsa_generic.Ml_dsa_87_.fst @@ -395,7 +395,7 @@ let sign_internal Core.Option.t_Option (t_Array (t_Array i32 (mk_usize 256)) (mk_usize 8)) & Core.Option.t_Option (t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 7))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let attempt, commitment_hash, domain_separator_for_mask, hint, signer_response:(usize & Core.Option.t_Option (t_Array u8 (mk_usize 64)) & u16 & @@ -1018,7 +1018,7 @@ let verify_internal Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in let t1:t_Array (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) (mk_usize 8) = - Libcrux_ml_dsa.Arithmetic.use_hint #v_SIMDUnit + Libcrux_ml_dsa.Arithmetic.uuse_hint #v_SIMDUnit Libcrux_ml_dsa.Constants.Ml_dsa_87_.v_GAMMA2 (deserialized_hint <: t_Slice (t_Array i32 (mk_usize 256))) t1 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst index 0e2c1f538..33a30d3f7 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Sample.fst @@ -236,7 +236,7 @@ let sample_up_to_four_ring_elements_flat usize & v_Shake128 & t_Slice (t_Array i32 (mk_usize 263))) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done0, done1, done2, done3, sampled0, sampled1, sampled2, sampled3, state, tmp_stack:(bool & bool & bool & @@ -689,7 +689,7 @@ let sample_four_error_ring_elements usize & usize & v_Shake256) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done0, done1, done2, done3, out, sampled0, sampled1, sampled2, sampled3, state:(bool & bool & bool & 
@@ -1199,7 +1199,7 @@ let sample_challenge_ring_element let state:v_Shake256 = tmp0 in let randomness:t_Array u8 (mk_usize 136) = out in let signs:u64 = - Core.Num.impl__u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (mk_usize 8)) + Core.Num.impl_u64__from_le_bytes (Core.Result.impl__unwrap #(t_Array u8 (mk_usize 8)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 (mk_usize 8)) @@ -1237,7 +1237,7 @@ let sample_challenge_ring_element let done:bool = out in let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done, out_index, result, signs, state:(bool & usize & t_Array i32 (mk_usize 256) & u64 & v_Shake256) = temp_0_ diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst index acdc5dacc..900a055a6 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fst @@ -11,7 +11,7 @@ let _ = let open Libcrux_ml_dsa.Simd.Traits in () -let matrix_flat__inner +let f_matrix_flat__inner (#v_SIMDUnit: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: @@ -69,7 +69,7 @@ let impl: Libcrux_ml_dsa.Samplex4.t_X4Sampler t_AVX2Sampler = (matrix: t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit)) -> let matrix:t_Slice (Libcrux_ml_dsa.Polynomial.t_PolynomialRingElement v_SIMDUnit) = - matrix_flat__inner #v_SIMDUnit columns seed matrix + f_matrix_flat__inner #v_SIMDUnit columns seed matrix in matrix } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti index d13a7340b..fe5c98390 100644 
--- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Samplex4.Avx2.fsti @@ -13,7 +13,7 @@ let _ = type t_AVX2Sampler = | AVX2Sampler : t_AVX2Sampler -val matrix_flat__inner +val f_matrix_flat__inner (#v_SIMDUnit: Type0) {| i1: Libcrux_ml_dsa.Simd.Traits.t_Operations v_SIMDUnit |} (columns: usize) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst index 9d41081b7..81e2c55c3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fst @@ -308,7 +308,7 @@ let compute_hint (hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let minus_gamma2:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Core.Ops.Arith.Neg.neg gamma2 <: i32) + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (Core.Ops.Arith.f_neg gamma2 <: i32) in let gamma2:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 gamma2 @@ -342,10 +342,10 @@ let compute_hint <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let hax_temp_output:usize = cast (Core.Num.impl__i32__count_ones hints_mask <: u32) <: usize in + let hax_temp_output:usize = cast (Core.Num.impl_i32__count_ones hints_mask <: u32) <: usize in hint, hax_temp_output <: (Libcrux_intrinsics.Avx2_extract.t_Vec256 & usize) -let use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = +let uuse_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let r0, r1:(Libcrux_intrinsics.Avx2_extract.t_Vec256 & Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 (), Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 () 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti index 65e34cad0..eb8e72ec9 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Arithmetic.fsti @@ -47,5 +47,5 @@ val compute_hint Prims.l_True (fun _ -> Prims.l_True) -val use_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) +val uuse_hint (gamma2: i32) (r hint: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst index 570034fde..1e9b636bf 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fst @@ -7,7 +7,7 @@ let serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec25 let serialized:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 - serialize_when_eta_is_2___ETA + serialize_when_eta_is_2___v_ETA <: Libcrux_intrinsics.Avx2_extract.t_Vec256) simd_unit 
@@ -104,7 +104,7 @@ let serialize_when_eta_is_4_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec25 let serialized:t_Array u8 (mk_usize 16) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 16) in let simd_unit_shifted:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi32 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 - serialize_when_eta_is_4___ETA + serialize_when_eta_is_4___v_ETA <: Libcrux_intrinsics.Avx2_extract.t_Vec256) simd_unit @@ -228,7 +228,7 @@ let deserialize_to_unsigned_when_eta_is_2_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_2___COEFFICIENT_MASK + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_2___v_COEFFICIENT_MASK <: Libcrux_intrinsics.Avx2_extract.t_Vec256) @@ -266,7 +266,7 @@ let deserialize_to_unsigned_when_eta_is_4_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_4___COEFFICIENT_MASK + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize_to_unsigned_when_eta_is_4___v_COEFFICIENT_MASK <: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti index 78eee7f4d..8da7febe5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.Error.fsti 
@@ -3,12 +3,12 @@ module Libcrux_ml_dsa.Simd.Avx2.Encoding.Error open Core open FStar.Mul -let serialize_when_eta_is_2___ETA: i32 = mk_i32 2 +let serialize_when_eta_is_2___v_ETA: i32 = mk_i32 2 val serialize_when_eta_is_2_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let serialize_when_eta_is_4___ETA: i32 = mk_i32 4 +let serialize_when_eta_is_4___v_ETA: i32 = mk_i32 4 val serialize_when_eta_is_4_ (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -19,13 +19,13 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize_to_unsigned_when_eta_is_2___COEFFICIENT_MASK: i32 = +let deserialize_to_unsigned_when_eta_is_2___v_COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) -let deserialize_to_unsigned_when_eta_is_4___COEFFICIENT_MASK: i32 = +let deserialize_to_unsigned_when_eta_is_4___v_COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) -let serialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst index 31b3de391..0db4b386d 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fst 
@@ -171,7 +171,7 @@ let deserialize (bytes: t_Slice u8) (out: Libcrux_intrinsics.Avx2_extract.t_Vec2 in let out:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__COEFFICIENT_MASK + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 deserialize__v_COEFFICIENT_MASK <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti index 85afbf850..1b4efdd4b 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Encoding.T1.fsti @@ -6,7 +6,7 @@ open FStar.Mul val serialize (simd_unit: Libcrux_intrinsics.Avx2_extract.t_Vec256) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize__COEFFICIENT_MASK: i32 = (mk_i32 1 < Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst index 6775d3204..85e93122c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fst @@ -726,7 +726,7 @@ let invert_ntt_montgomery__inv_inner <: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) .Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value - invert_ntt_montgomery__inv_inner__FACTOR + invert_ntt_montgomery__inv_inner__v_FACTOR <: Libcrux_intrinsics.Avx2_extract.t_Vec256 } diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti index c3139588e..9cd18f258 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti 
+++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Invntt.fsti @@ -3,7 +3,7 @@ module Libcrux_ml_dsa.Simd.Avx2.Invntt open Core open FStar.Mul -let invert_ntt_montgomery__inv_inner__FACTOR: i32 = mk_i32 41978 +let invert_ntt_montgomery__inv_inner__v_FACTOR: i32 = mk_i32 41978 val simd_unit_invert_ntt_at_layer_0_ (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256) @@ -12,7 +12,7 @@ val simd_unit_invert_ntt_at_layer_0_ (Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 & Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 ) Prims.l_True (fun _ -> Prims.l_True) -let simd_unit_invert_ntt_at_layer_0___SHUFFLE: i32 = mk_i32 216 +let simd_unit_invert_ntt_at_layer_0___v_SHUFFLE: i32 = mk_i32 216 val simd_unit_invert_ntt_at_layer_1_ (simd_unit0 simd_unit1: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
@@ -80,36 +80,36 @@ val invert_ntt_at_layer_3_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_V Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 +let invert_ntt_at_layer_3___v_STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 +let invert_ntt_at_layer_3___v_STEP_BY: usize = mk_usize 1 val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 +let invert_ntt_at_layer_4___v_STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 +let invert_ntt_at_layer_4___v_STEP_BY: usize = mk_usize 2 val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 +let invert_ntt_at_layer_5___v_STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 +let invert_ntt_at_layer_5___v_STEP_BY: usize = mk_usize 4 val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 +let invert_ntt_at_layer_6___v_STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 +let invert_ntt_at_layer_6___v_STEP_BY: usize = mk_usize 8 val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) 
@@ -127,6 +127,6 @@ val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 +let invert_ntt_at_layer_7___v_STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 +let invert_ntt_at_layer_7___v_STEP_BY: usize = mk_usize 16 diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst index e6843e2d6..e0b14d6c5 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fst @@ -584,7 +584,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -592,7 +592,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -600,7 +600,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -608,7 +608,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -617,7 +617,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -625,7 +625,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -633,7 +633,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -641,7 +641,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 8 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -650,7 +650,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -658,7 +658,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 1 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -666,7 +666,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 2 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -674,7 +674,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 0 +! mk_usize 3 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -683,7 +683,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -691,7 +691,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16 +! mk_usize 1 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -699,7 +699,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16 +! mk_usize 2 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -707,7 +707,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 16 +! mk_usize 3 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -716,7 +716,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -724,7 +724,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -732,7 +732,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -740,7 +740,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -749,7 +749,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -757,7 +757,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12 +! mk_usize 1 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -765,7 +765,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12 +! mk_usize 2 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -773,7 +773,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 12 +! mk_usize 3 <: usize) zeta7 - ntt_at_layer_7_and_6___STEP_BY_7_ + ntt_at_layer_7_and_6___v_STEP_BY_7_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -782,7 +782,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -790,7 +790,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 1 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -798,7 +798,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 2 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -806,7 +806,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 4 +! mk_usize 3 <: usize) zeta60 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in 
@@ -815,7 +815,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -823,7 +823,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20 +! mk_usize 1 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -831,7 +831,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20 +! mk_usize 2 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in @@ -839,7 +839,7 @@ let ntt_at_layer_7_and_6_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Ve ntt_at_layer_7_and_6___mul re (mk_usize 20 +! mk_usize 3 <: usize) zeta61 - ntt_at_layer_7_and_6___STEP_BY_6_ + ntt_at_layer_7_and_6___v_STEP_BY_6_ field_modulus inverse_of_modulus_mod_montgomery_r in diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti index 86b26611a..49c717707 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Avx2.Ntt.fsti @@ -11,7 +11,7 @@ val butterfly_2_ Prims.l_True (fun _ -> Prims.l_True) -let butterfly_2___SHUFFLE: i32 = mk_i32 216 +let butterfly_2___v_SHUFFLE: i32 = mk_i32 216 val butterfly_4_ (re: t_Array Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256 (mk_usize 32)) 
@@ -54,10 +54,10 @@ val ntt_at_layer_7_and_6___mul Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_7_and_6___STEP_BY_7_: usize = +let ntt_at_layer_7_and_6___v_STEP_BY_7_: usize = mk_usize 2 *! Libcrux_ml_dsa.Simd.Traits.v_COEFFICIENTS_IN_SIMD_UNIT -let ntt_at_layer_7_and_6___STEP_BY_6_: usize = +let ntt_at_layer_7_and_6___v_STEP_BY_6_: usize = (mk_usize 1 < Prims.l_True) -let ntt_at_layer_5_to_3___STEP: usize = mk_usize 1 < true); - f_use_hint_post + f_uuse_hint_post = (fun (gamma2: i32) @@ -345,7 +345,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto (out: Libcrux_ml_dsa.Simd.Avx2.Vector_type.t_Vec256) -> true); - f_use_hint + f_uuse_hint = (fun (gamma2: i32) @@ -357,7 +357,7 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto hint with Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value = - Libcrux_ml_dsa.Simd.Avx2.Arithmetic.use_hint gamma2 + Libcrux_ml_dsa.Simd.Avx2.Arithmetic.uuse_hint gamma2 simd_unit.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value hint.Libcrux_ml_dsa.Simd.Avx2.Vector_type.f_value } @@ -380,10 +380,10 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_2_pre + f_rejection_sample_less_than_eta_equals_2__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_2_post + f_rejection_sample_less_than_eta_equals_2__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_2_ 
@@ -395,10 +395,10 @@ let impl: Libcrux_ml_dsa.Simd.Traits.t_Operations Libcrux_ml_dsa.Simd.Avx2.Vecto let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_4_pre + f_rejection_sample_less_than_eta_equals_4__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_4_post + f_rejection_sample_less_than_eta_equals_4__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_4_ diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst index 493bdf16a..f6b75df26 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fst @@ -183,7 +183,7 @@ let power2round_element (t: i32) = then let _:Prims.unit = Hax_lib.v_assert ((t >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + (Core.Ops.Arith.f_neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: bool) && (t <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) @@ -294,7 +294,7 @@ let infinity_norm_exceeds then let _:Prims.unit = Hax_lib.v_assert ((coefficient >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + (Core.Ops.Arith.f_neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: bool) && (coefficient <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) 
@@ -355,8 +355,8 @@ let shift_left_then_reduce let compute_one_hint (low high gamma2: i32) = if - low >. gamma2 || low <. (Core.Ops.Arith.Neg.neg gamma2 <: i32) || - low =. (Core.Ops.Arith.Neg.neg gamma2 <: i32) && high <>. mk_i32 0 + low >. gamma2 || low <. (Core.Ops.Arith.f_neg gamma2 <: i32) || + low =. (Core.Ops.Arith.f_neg gamma2 <: i32) && high <>. mk_i32 0 then mk_i32 1 else mk_i32 0 @@ -421,7 +421,7 @@ let decompose_element (gamma2 r: i32) = then let _:Prims.unit = Hax_lib.v_assert ((r >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) + (Core.Ops.Arith.f_neg Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: i32) <: bool) && (r <. Libcrux_ml_dsa.Simd.Traits.v_FIELD_MODULUS <: bool)) @@ -468,7 +468,7 @@ let decompose_element (gamma2 r: i32) = in r0, r1 <: (i32 & i32) -let use_one_hint (gamma2 r hint: i32) = +let uuse_one_hint (gamma2 r hint: i32) = let r0, r1:(i32 & i32) = decompose_element gamma2 r in if hint =. mk_i32 0 then r1 @@ -554,7 +554,10 @@ let decompose (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) = +let uuse_hint + (gamma2: i32) + (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) + = let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (Core.Slice.impl__len #i32 @@ -576,7 +579,7 @@ let use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize hint .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values i - (use_one_hint gamma2 + (uuse_one_hint gamma2 (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ i ] <: i32) (hint.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ i ] <: i32) <: 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti index b33255c91..beeafe049 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Arithmetic.fsti @@ -70,7 +70,7 @@ val compute_hint val decompose_element (gamma2 r: i32) : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) -val use_one_hint (gamma2 r hint: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) +val uuse_one_hint (gamma2 r hint: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) val decompose (gamma2: i32) @@ -81,7 +81,9 @@ val decompose Prims.l_True (fun _ -> Prims.l_True) -val use_hint (gamma2: i32) (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) +val uuse_hint + (gamma2: i32) + (simd_unit hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) : Prims.Pure Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst index fe2618f47..50ea9b747 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fst @@ -16,7 +16,7 @@ let serialize_when_eta_is_2_ () in let coefficient0:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 0 ] <: i32) <: i32) 
@@ -24,7 +24,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient1:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 1 ] <: i32) <: i32) @@ -32,7 +32,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient2:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 2 ] <: i32) <: i32) @@ -40,7 +40,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient3:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 3 ] <: i32) <: i32) @@ -48,7 +48,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient4:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 4 ] <: i32) <: i32) @@ -56,7 +56,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient5:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 5 ] <: i32) <: i32) @@ -64,7 +64,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient6:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 6 ] <: i32) <: i32) @@ -72,7 +72,7 @@ let serialize_when_eta_is_2_ u8 in let coefficient7:u8 = - cast (serialize_when_eta_is_2___ETA -! + cast (serialize_when_eta_is_2___v_ETA -! (simd_unit.Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values.[ mk_usize 7 ] <: i32) <: i32) 
@@ -124,12 +124,12 @@ let serialize_when_eta_is_4_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 0 ] <: i32) <: i32) + cast (serialize_when_eta_is_4___v_ETA -! (coefficients.[ mk_usize 0 ] <: i32) <: i32) <: u8 in let coefficient1:u8 = - cast (serialize_when_eta_is_4___ETA -! (coefficients.[ mk_usize 1 ] <: i32) <: i32) + cast (serialize_when_eta_is_4___v_ETA -! (coefficients.[ mk_usize 1 ] <: i32) <: i32) <: u8 in @@ -177,7 +177,7 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 0) - (deserialize_when_eta_is_2___ETA -! (byte0 &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! (byte0 &. mk_i32 7 <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -190,7 +190,9 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 1) - (deserialize_when_eta_is_2___ETA -! ((byte0 >>! mk_i32 3 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte0 >>! mk_i32 3 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -203,7 +205,7 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 2) - (deserialize_when_eta_is_2___ETA -! + (deserialize_when_eta_is_2___v_ETA -! (((byte0 >>! mk_i32 6 <: i32) |. (byte1 <>! mk_i32 1 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte1 >>! mk_i32 1 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -232,7 +236,9 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 4) - (deserialize_when_eta_is_2___ETA -! ((byte1 >>! mk_i32 4 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte1 >>! mk_i32 4 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -245,7 +251,7 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 5) - (deserialize_when_eta_is_2___ETA -! + (deserialize_when_eta_is_2___v_ETA -! (((byte1 >>! mk_i32 7 <: i32) |. (byte2 <>! mk_i32 2 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte2 >>! mk_i32 2 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -274,7 +282,9 @@ let deserialize_when_eta_is_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 7) - (deserialize_when_eta_is_2___ETA -! ((byte2 >>! mk_i32 5 <: i32) &. mk_i32 7 <: i32) <: i32) + (deserialize_when_eta_is_2___v_ETA -! ((byte2 >>! mk_i32 5 <: i32) &. mk_i32 7 <: i32) + <: + i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients @@ -311,7 +321,7 @@ let deserialize_when_eta_is_4_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 2 *! i <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte &. mk_u8 15 <: u8) <: i32) <: i32) + (deserialize_when_eta_is_4___v_ETA -! (cast (byte &. mk_u8 15 <: u8) <: i32) <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -324,7 +334,8 @@ let deserialize_when_eta_is_4_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_units .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) - (deserialize_when_eta_is_4___ETA -! (cast (byte >>! mk_i32 4 <: u8) <: i32) <: i32) + (deserialize_when_eta_is_4___v_ETA -! (cast (byte >>! mk_i32 4 <: u8) <: i32) <: i32 + ) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti index ae3d16c4c..95da975e3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Error.fsti @@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Error open Core open FStar.Mul -let serialize_when_eta_is_2___ETA: i32 = mk_i32 2 +let serialize_when_eta_is_2___v_ETA: i32 = mk_i32 2 val serialize_when_eta_is_2_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let serialize_when_eta_is_4___ETA: i32 = mk_i32 4 +let serialize_when_eta_is_4___v_ETA: i32 = mk_i32 4 val serialize_when_eta_is_4_ (simd_unit: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) @@ -23,7 +23,7 @@ val serialize (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -let deserialize_when_eta_is_2___ETA: i32 = mk_i32 2 +let deserialize_when_eta_is_2___v_ETA: i32 = mk_i32 2 val deserialize_when_eta_is_2_ (serialized: t_Slice u8) @@ -32,7 +32,7 @@ val deserialize_when_eta_is_2_ Prims.l_True (fun _ -> Prims.l_True) -let deserialize_when_eta_is_4___ETA: i32 = mk_i32 4 +let deserialize_when_eta_is_4___v_ETA: i32 = mk_i32 4 val deserialize_when_eta_is_4_ (serialized: t_Slice u8) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst index 096f1d980..7fdd50c6c 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fst @@ -19,16 +19,16 @@ let serialize_when_gamma1_is_2_pow_17_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let coefficient2:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 2 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 2 ] <: i32) in let coefficient3:i32 = - serialize_when_gamma1_is_2_pow_17___GAMMA1 -! (coefficients.[ mk_usize 3 ] <: i32) + serialize_when_gamma1_is_2_pow_17___v_GAMMA1 -! (coefficients.[ mk_usize 3 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized 
@@ -119,10 +119,10 @@ let serialize_when_gamma1_is_2_pow_19_ let serialized:t_Slice u8 = serialized in let i, coefficients:(usize & t_Slice i32) = temp_1_ in let coefficient0:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) + serialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! (coefficients.[ mk_usize 0 ] <: i32) in let coefficient1:i32 = - serialize_when_gamma1_is_2_pow_19___GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) + serialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! (coefficients.[ mk_usize 1 ] <: i32) in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized @@ -205,7 +205,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient0 |. ((cast (bytes.[ mk_usize 2 ] <: u8) <: i32) <>! mk_i32 2 in let coefficient1:i32 = @@ -215,7 +215,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient1 |. ((cast (bytes.[ mk_usize 4 ] <: u8) <: i32) <>! mk_i32 4 in let coefficient2:i32 = @@ -225,7 +225,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient2 |. ((cast (bytes.[ mk_usize 6 ] <: u8) <: i32) <>! mk_i32 6 in let coefficient3:i32 = @@ -235,7 +235,7 @@ let deserialize_when_gamma1_is_2_pow_17_ coefficient3 |. ((cast (bytes.[ mk_usize 8 ] <: u8) <: i32) <>! mk_i32 4 in let coefficient1:i32 = @@ -341,7 +341,7 @@ let deserialize_when_gamma1_is_2_pow_19_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values (mk_usize 2 *! i <: usize) - (deserialize_when_gamma1_is_2_pow_19___GAMMA1 -! coefficient0 <: i32) + (deserialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! coefficient0 <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients 
@@ -354,7 +354,7 @@ let deserialize_when_gamma1_is_2_pow_19_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize simd_unit .Libcrux_ml_dsa.Simd.Portable.Vector_type.f_values ((mk_usize 2 *! i <: usize) +! mk_usize 1 <: usize) - (deserialize_when_gamma1_is_2_pow_19___GAMMA1 -! coefficient1 <: i32) + (deserialize_when_gamma1_is_2_pow_19___v_GAMMA1 -! coefficient1 <: i32) } <: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti index a747b6d7d..8043ee0b3 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1.fsti 
@@ -3,14 +3,14 @@ module Libcrux_ml_dsa.Simd.Portable.Encoding.Gamma1 open Core open FStar.Mul -let serialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let serialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_17___GAMMA1: i32 = mk_i32 1 < Prims.l_True) -let deserialize_when_gamma1_is_2_pow_19___GAMMA1: i32 = mk_i32 1 <>! mk_i32 5 in let coefficient1:i32 = coefficient1 |. (byte2 <>! mk_i32 2 in let coefficient2:i32 = coefficient2 |. (byte4 <>! mk_i32 7 in let coefficient3:i32 = coefficient3 |. (byte5 <>! mk_i32 4 in let coefficient4:i32 = coefficient4 |. (byte7 <>! mk_i32 1 in let coefficient5:i32 = coefficient5 |. (byte9 <>! mk_i32 6 in let coefficient6:i32 = coefficient6 |. (byte10 <>! mk_i32 3 in let coefficient7:i32 = coefficient7 |. (byte12 < Prims.l_True) -let deserialize__BITS_IN_LOWER_PART_OF_T_MASK: i32 = +let deserialize__v_BITS_IN_LOWER_PART_OF_T_MASK: i32 = (mk_i32 1 < Prims.l_True) -let invert_ntt_at_layer_3___STEP: usize = mk_usize 8 +let invert_ntt_at_layer_3___v_STEP: usize = mk_usize 8 -let invert_ntt_at_layer_3___STEP_BY: usize = mk_usize 1 +let invert_ntt_at_layer_3___v_STEP_BY: usize = mk_usize 1 val invert_ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -96,9 +96,9 @@ val invert_ntt_at_layer_4_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_4___STEP: usize = mk_usize 16 +let invert_ntt_at_layer_4___v_STEP: usize = mk_usize 16 -let invert_ntt_at_layer_4___STEP_BY: usize = mk_usize 2 +let invert_ntt_at_layer_4___v_STEP_BY: usize = mk_usize 2 val invert_ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) 
@@ -106,9 +106,9 @@ val invert_ntt_at_layer_5_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_5___STEP: usize = mk_usize 32 +let invert_ntt_at_layer_5___v_STEP: usize = mk_usize 32 -let invert_ntt_at_layer_5___STEP_BY: usize = mk_usize 4 +let invert_ntt_at_layer_5___v_STEP_BY: usize = mk_usize 4 val invert_ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -116,9 +116,9 @@ val invert_ntt_at_layer_6_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_6___STEP: usize = mk_usize 64 +let invert_ntt_at_layer_6___v_STEP: usize = mk_usize 64 -let invert_ntt_at_layer_6___STEP_BY: usize = mk_usize 8 +let invert_ntt_at_layer_6___v_STEP_BY: usize = mk_usize 8 val invert_ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -126,9 +126,9 @@ val invert_ntt_at_layer_7_ Prims.l_True (fun _ -> Prims.l_True) -let invert_ntt_at_layer_7___STEP: usize = mk_usize 128 +let invert_ntt_at_layer_7___v_STEP: usize = mk_usize 128 -let invert_ntt_at_layer_7___STEP_BY: usize = mk_usize 16 +let invert_ntt_at_layer_7___v_STEP_BY: usize = mk_usize 16 val invert_ntt_montgomery (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti index b785cd915..560bb21d0 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.Ntt.fsti 
@@ -80,9 +80,9 @@ val ntt_at_layer_3_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_3___STEP: usize = mk_usize 8 +let ntt_at_layer_3___v_STEP: usize = mk_usize 8 -let ntt_at_layer_3___STEP_BY: usize = mk_usize 1 +let ntt_at_layer_3___v_STEP_BY: usize = mk_usize 1 val ntt_at_layer_4_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -90,9 +90,9 @@ val ntt_at_layer_4_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_4___STEP: usize = mk_usize 16 +let ntt_at_layer_4___v_STEP: usize = mk_usize 16 -let ntt_at_layer_4___STEP_BY: usize = mk_usize 2 +let ntt_at_layer_4___v_STEP_BY: usize = mk_usize 2 val ntt_at_layer_5_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -100,9 +100,9 @@ val ntt_at_layer_5_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_5___STEP: usize = mk_usize 32 +let ntt_at_layer_5___v_STEP: usize = mk_usize 32 -let ntt_at_layer_5___STEP_BY: usize = mk_usize 4 +let ntt_at_layer_5___v_STEP_BY: usize = mk_usize 4 val ntt_at_layer_6_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -110,9 +110,9 @@ val ntt_at_layer_6_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_6___STEP: usize = mk_usize 64 +let ntt_at_layer_6___v_STEP: usize = mk_usize 64 -let ntt_at_layer_6___STEP_BY: usize = mk_usize 8 +let ntt_at_layer_6___v_STEP_BY: usize = mk_usize 8 val ntt_at_layer_7_ (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) @@ -120,9 +120,9 @@ val ntt_at_layer_7_ Prims.l_True (fun _ -> Prims.l_True) -let ntt_at_layer_7___STEP: usize = mk_usize 128 +let ntt_at_layer_7___v_STEP: usize = mk_usize 128 -let ntt_at_layer_7___STEP_BY: usize = mk_usize 16 +let ntt_at_layer_7___v_STEP_BY: usize = mk_usize 16 val ntt (re: t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) : Prims.Pure (t_Array Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients (mk_usize 32)) 
diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst index c58120ff8..17c23fffe 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Portable.fst @@ -274,7 +274,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = tmp0 in let hax_temp_output:usize = out1 in hint, hax_temp_output <: (Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients & usize)); - f_use_hint_pre + f_uuse_hint_pre = (fun (gamma2: i32) @@ -282,7 +282,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -> true); - f_use_hint_post + f_uuse_hint_post = (fun (gamma2: i32) @@ -291,7 +291,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = (out: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -> true); - f_use_hint + f_uuse_hint = (fun (gamma2: i32) @@ -299,7 +299,7 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = (hint: Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients) -> let hint:Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = - Libcrux_ml_dsa.Simd.Portable.Arithmetic.use_hint gamma2 simd_unit hint + Libcrux_ml_dsa.Simd.Portable.Arithmetic.uuse_hint gamma2 simd_unit hint in hint); f_rejection_sample_less_than_field_modulus_pre 
@@ -318,10 +318,10 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_2_pre + f_rejection_sample_less_than_eta_equals_2__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_2_post + f_rejection_sample_less_than_eta_equals_2__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_2_ @@ -334,10 +334,10 @@ Libcrux_ml_dsa.Simd.Portable.Vector_type.t_Coefficients = let out:t_Slice i32 = tmp0 in let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i32 & usize)); - f_rejection_sample_less_than_eta_equals_4_pre + f_rejection_sample_less_than_eta_equals_4__pre = (fun (randomness: t_Slice u8) (out: t_Slice i32) -> true); - f_rejection_sample_less_than_eta_equals_4_post + f_rejection_sample_less_than_eta_equals_4__post = (fun (randomness: t_Slice u8) (out: t_Slice i32) (out2: (t_Slice i32 & usize)) -> true); f_rejection_sample_less_than_eta_equals_4_ diff --git a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti index 0257fe6e4..160d904f4 100644 --- a/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti +++ b/libcrux-ml-dsa/proofs/fstar/extraction/Libcrux_ml_dsa.Simd.Traits.fsti 
@@ -56,10 +56,10 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure (v_Self & usize) (f_compute_hint_pre x0 x1 x2 x3) (fun result -> f_compute_hint_post x0 x1 x2 x3 result); - f_use_hint_pre:i32 -> v_Self -> v_Self -> Type0; - f_use_hint_post:i32 -> v_Self -> v_Self -> v_Self -> Type0; - f_use_hint:x0: i32 -> x1: v_Self -> x2: v_Self - -> Prims.Pure v_Self (f_use_hint_pre x0 x1 x2) (fun result -> f_use_hint_post x0 x1 x2 result); + f_uuse_hint_pre:i32 -> v_Self -> v_Self -> Type0; + f_uuse_hint_post:i32 -> v_Self -> v_Self -> v_Self -> Type0; + f_uuse_hint:x0: i32 -> x1: v_Self -> x2: v_Self + -> Prims.Pure v_Self (f_uuse_hint_pre x0 x1 x2) (fun result -> f_uuse_hint_post x0 x1 x2 result); f_montgomery_multiply_pre:v_Self -> v_Self -> Type0; f_montgomery_multiply_post:v_Self -> v_Self -> v_Self -> Type0; f_montgomery_multiply:x0: v_Self -> x1: v_Self 
@@ -85,20 +85,20 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure (t_Slice i32 & usize) (f_rejection_sample_less_than_field_modulus_pre x0 x1) (fun result -> f_rejection_sample_less_than_field_modulus_post x0 x1 result); - f_rejection_sample_less_than_eta_equals_2_pre:t_Slice u8 -> t_Slice i32 -> Type0; - f_rejection_sample_less_than_eta_equals_2_post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) + f_rejection_sample_less_than_eta_equals_2__pre:t_Slice u8 -> t_Slice i32 -> Type0; + f_rejection_sample_less_than_eta_equals_2__post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) -> Type0; f_rejection_sample_less_than_eta_equals_2_:x0: t_Slice u8 -> x1: t_Slice i32 -> Prims.Pure (t_Slice i32 & usize) - (f_rejection_sample_less_than_eta_equals_2_pre x0 x1) - (fun result -> f_rejection_sample_less_than_eta_equals_2_post x0 x1 result); - f_rejection_sample_less_than_eta_equals_4_pre:t_Slice u8 -> t_Slice i32 -> Type0; - f_rejection_sample_less_than_eta_equals_4_post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) + (f_rejection_sample_less_than_eta_equals_2__pre x0 x1) + (fun result -> f_rejection_sample_less_than_eta_equals_2__post x0 x1 result); + f_rejection_sample_less_than_eta_equals_4__pre:t_Slice u8 -> t_Slice i32 -> Type0; + f_rejection_sample_less_than_eta_equals_4__post:t_Slice u8 -> t_Slice i32 -> (t_Slice i32 & usize) -> Type0; f_rejection_sample_less_than_eta_equals_4_:x0: t_Slice u8 -> x1: t_Slice i32 -> Prims.Pure (t_Slice i32 & usize) - (f_rejection_sample_less_than_eta_equals_4_pre x0 x1) - (fun result -> f_rejection_sample_less_than_eta_equals_4_post x0 x1 result); + (f_rejection_sample_less_than_eta_equals_4__pre x0 x1) + (fun result -> f_rejection_sample_less_than_eta_equals_4__post x0 x1 result); f_gamma1_serialize_pre:v_Self -> t_Slice u8 -> usize -> Type0; f_gamma1_serialize_post:v_Self -> t_Slice u8 -> usize -> t_Slice u8 -> Type0; f_gamma1_serialize:x0: v_Self -> x1: t_Slice u8 -> x2: usize 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 68f209579..0add3819f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -4,23 +4,23 @@ open Core open FStar.Mul let inz (value: u8) = - let v__orig_value:u8 = value in + let e_orig_value:u8 = value in let value:u16 = cast (value <: u8) <: u16 in let result:u8 = - cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! mk_i32 8 <: u16) + cast ((Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! mk_i32 8 <: u16) <: u8 in let res:u8 = result &. mk_u8 1 in let _:Prims.unit = - if v v__orig_value = 0 + if v e_orig_value = 0 then (assert (value == zero); lognot_lemma value; assert ((~.value +. (mk_u16 1)) == zero); - assert ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) == zero); + assert ((Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) == zero); logor_lemma value zero; - assert ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) + assert ((value |. (Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) <: u16) == value); @@ -38,7 +38,7 @@ let inz (value: u8) = assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value)); assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value)); assert ((v (~.value) + 1) / pow2 8 = (pow2 8 - 1)); - assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! + assert (v ((Core.Num.impl_u16__wrapping_add (~.value <: u16) (mk_u16 1) <: u16) >>! (mk_i32 8)) = pow2 8 - 1); assert (result = ones); 
@@ -107,7 +107,7 @@ let compare (lhs rhs: t_Slice u8) = #push-options "--ifuel 0 --z3rlimit 50" let select_ct (lhs rhs: t_Slice u8) (selector: u8) = - let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) (mk_u8 1) in + let mask:u8 = Core.Num.impl_u8__wrapping_sub (is_non_zero selector <: u8) (mk_u8 1) in let _:Prims.unit = assert (if selector = (mk_u8 0) then mask = ones else mask = zero); lognot_lemma mask; diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index f2ec96f20..c3d727876 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -53,7 +53,7 @@ class t_Hash (v_Self: Type0) (v_K: usize) = { -> Prims.Pure v_Self (f_shake128_init_absorb_final_pre x0) (fun result -> f_shake128_init_absorb_final_post x0 result); - f_shake128_squeeze_first_three_blocks_pre:self___: v_Self -> pred: Type0{true ==> pred}; + f_shake128_squeeze_first_three_blocks_pre:self_: v_Self -> pred: Type0{true ==> pred}; f_shake128_squeeze_first_three_blocks_post: v_Self -> (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) @@ -62,7 +62,7 @@ class t_Hash (v_Self: Type0) (v_K: usize) = { -> Prims.Pure (v_Self & t_Array (t_Array u8 (mk_usize 504)) v_K) (f_shake128_squeeze_first_three_blocks_pre x0) (fun result -> f_shake128_squeeze_first_three_blocks_post x0 result); - f_shake128_squeeze_next_block_pre:self___: v_Self -> pred: Type0{true ==> pred}; + f_shake128_squeeze_next_block_pre:self_: v_Self -> pred: Type0{true ==> pred}; f_shake128_squeeze_next_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (mk_usize 168)) v_K) -> Type0; f_shake128_squeeze_next_block:x0: v_Self 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 9408ab305..c1a4a9e3a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -52,7 +52,7 @@ let unpack_public_key = { unpacked_public_key.f_ind_cpa_public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K #v_Vector @@ -63,7 +63,7 @@ let unpack_public_key Core.Ops.Range.t_RangeTo usize ] <: t_Slice u8) - unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt } <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector @@ -168,7 +168,7 @@ let impl_3__serialized_mut v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) serialized.Libcrux_ml_kem.Types.f_value } @@ -193,7 +193,7 @@ let impl_3__serialized v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) <: t_Array u8 v_PUBLIC_KEY_SIZE) 
@@ -575,12 +575,12 @@ let transpose_a let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__j -> - let v__j:usize = v__j in + (fun e_j -> + let e_j:usize = e_j in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -607,7 +607,7 @@ let transpose_a v_A in let i:usize = i in - let v__a_i:t_Array + let e_a_i:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = v_A in @@ -619,7 +619,7 @@ let transpose_a v_A in let j:usize = j in - (forall (k: nat). k < v i ==> Seq.index v_A k == Seq.index v__a_i k) /\ + (forall (k: nat). k < v i ==> Seq.index v_A k == Seq.index e_a_i k) /\ (forall (k: nat). k < v j ==> Seq.index (Seq.index v_A (v i)) k == Seq.index (Seq.index ind_cpa_a k) (v i))) @@ -783,7 +783,7 @@ let generate_keypair v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 97f19a565..1d240a32f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti 
@@ -78,7 +78,7 @@ val unpack_public_key Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector unpacked_public_key_future.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == deserialized_pk /\ unpacked_public_key_future.f_ind_cpa_public_key .Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A == @@ -94,28 +94,28 @@ val impl_3__serialized_mut (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun serialized_future -> let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = serialized_future in - let self___ = self in + let self_ = self in serialized_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized public key. val impl_3__serialized 
@@ -126,26 +126,26 @@ val impl_3__serialized (self: t_MlKemPublicKeyUnpacked v_K v_Vector) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun res -> let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in - let self___ = self in + let self_ = self in res.Libcrux_ml_kem.Types.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) [@@ FStar.Tactics.Typeclasses.tcinstance] val impl 
@@ -197,30 +197,30 @@ val impl_4__serialized_public_key_mut (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_public_key .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun serialized_future -> let serialized_future:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = serialized_future in - let self___ = self in + let self_ = self in serialized_future.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_public_key.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized public key. val impl_4__serialized_public_key 
@@ -231,28 +231,28 @@ val impl_4__serialized_public_key (self: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (requires - (let self___ = self in + (let self_ = self in Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ (forall (i: nat). i < v v_K ==> - Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self___ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index self_ .f_public_key .f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)))) (ensures fun res -> let res:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = res in - let self___ = self in + let self_ = self in res.f_value == Seq.append (Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - self___.f_public_key.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt)) - self___.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) + self_.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt)) + self_.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A) /// Get the serialized private key. val impl_4__serialized_private_key_mut @@ -401,7 +401,7 @@ val encapsulate public_key.f_public_key_hash (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) + public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A) 
@@ -444,7 +444,7 @@ val decapsulate (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key_pair.f_public_key.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector key_pair.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 16d98e990..0df834d7a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -263,7 +263,7 @@ let validate_private_key i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (e_ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = validate_private_key_only v_K v_SECRET_KEY_SIZE #v_Hasher private_key #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 8e73d0c5a..fb74247fa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -97,7 +97,7 @@ val validate_private_key (#v_Hasher: Type0) {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (e_ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool (requires Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst index 158cabd67..714109e1d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fst @@ -68,7 +68,7 @@ let impl_1 = fun (_: Prims.unit) -> { - f_t_as_ntt + f_tt_as_ntt = Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index 01b734880..7078d5501 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -25,7 +25,7 @@ val impl type t_IndCpaPublicKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { - f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; + f_tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; f_seed_for_A:t_Array u8 (mk_usize 32); f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index baac26d0c..70751f970 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst 
@@ -266,8 +266,8 @@ let sample_ring_element_cbd let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -275,14 +275,14 @@ let sample_ring_element_cbd let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let v__domain_separator_init:u8 = domain_separator in + let e_domain_separator_init:u8 = domain_separator in let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator in let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in let domain_separator:u8 = out in let _:Prims.unit = - sample_ring_element_cbd_helper_1 v_K prf_inputs prf_input v__domain_separator_init + sample_ring_element_cbd_helper_1 v_K prf_inputs prf_input e_domain_separator_init in let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K = @@ -328,7 +328,7 @@ let sample_ring_element_cbd #v_Vector error_1_ prf_input - v__domain_separator_init + e_domain_separator_init in error_1_, domain_separator <: 
@@ -407,14 +407,14 @@ let sample_vector_cbd_then_ntt let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let v__domain_separator_init:u8 = domain_separator in + let e_domain_separator_init:u8 = domain_separator in let tmp0, out:(t_Array (t_Array u8 (mk_usize 33)) v_K & u8) = Libcrux_ml_kem.Utils.prf_input_inc v_K prf_inputs domain_separator in let prf_inputs:t_Array (t_Array u8 (mk_usize 33)) v_K = tmp0 in let domain_separator:u8 = out in let _:Prims.unit = - sample_vector_cbd_then_ntt_helper_1 v_K prf_inputs prf_input v__domain_separator_init + sample_vector_cbd_then_ntt_helper_1 v_K prf_inputs prf_input e_domain_separator_init in let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K = @@ -469,7 +469,7 @@ let sample_vector_cbd_then_ntt #v_Vector re_as_ntt prf_input - v__domain_separator_init + e_domain_separator_init in let hax_temp_output:u8 = domain_separator in re_as_ntt, hax_temp_output @@ -493,8 +493,8 @@ let sample_vector_cbd_then_ntt_out let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -602,11 +602,11 @@ let generate_keypair_unpacked let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = { public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt = Libcrux_ml_kem.Matrix.compute_As_plus_e v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt error_as_ntt 
@@ -638,7 +638,7 @@ let generate_keypair_unpacked assert (valid ==> ((Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) == + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) == t_as_ntt) /\ (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A == seed_for_A) /\ (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector @@ -656,7 +656,7 @@ let generate_keypair_unpacked (forall (i: nat). i < v v_K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) in private_key, public_key @@ -682,7 +682,7 @@ let serialize_unpacked_secret_key v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = @@ -923,7 +923,7 @@ let encrypt_unpacked let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Matrix.compute_ring_element_v v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt r_as_ntt error_2_ message_as_ring_element @@ -994,7 +994,7 @@ let build_unpacked_public_key_mut let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = { unpacked_public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K #v_Vector 
@@ -1003,7 +1003,7 @@ let build_unpacked_public_key_mut Core.Ops.Range.t_RangeTo usize ] <: t_Slice u8) - unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt } <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 2354ccac2..8be9b6051 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -223,7 +223,7 @@ val generate_keypair_unpacked (valid ==> (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == t_as_ntt) /\ (public_key_future.f_seed_for_A == seed_for_A) /\ (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key_future.f_A == matrix_A_as_ntt) /\ @@ -239,7 +239,7 @@ val generate_keypair_unpacked (forall (i: nat). i < v v_K ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) /// Serialize the secret key from the unpacked key pair generation. @@ -362,7 +362,7 @@ val encrypt_unpacked randomness (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt) + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt) (Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A)) 
@@ -393,7 +393,7 @@ val build_unpacked_public_key_mut let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - unpacked_public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + unpacked_public_key_future.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == t_as_ntt /\ valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector @@ -420,7 +420,7 @@ val build_unpacked_public_key let matrix_A_as_ntt, valid = Spec.MLKEM.sample_matrix_A_ntt #v_K seed_for_A in (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector - result.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt == + result.Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt == t_as_ntt /\ valid ==> Libcrux_ml_kem.Polynomial.to_spec_matrix_t #v_K #v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index aff441ba5..c48698282 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -21,7 +21,7 @@ let invert_ntt_at_layer_1_ = let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #v_Vector) in let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -30,7 +30,7 @@ let invert_ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 4 /\ + v zeta_i == v e_zeta_i_init - v round * 4 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> 
@@ -100,7 +100,7 @@ let invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -109,7 +109,7 @@ let invert_ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 2 /\ + v zeta_i == v e_zeta_i_init - v round * 2 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> @@ -177,7 +177,7 @@ let invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -186,7 +186,7 @@ let invert_ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round /\ + v zeta_i == v e_zeta_i_init - v round /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index c0fe46211..8da86b04c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst 
@@ -243,8 +243,8 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index eebdfcedb..d2950b430 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -35,7 +35,7 @@ val serialized_public_key i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -71,7 +71,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,7 +87,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index b59106cca..e2c4d6032 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -39,7 +39,7 @@ val serialized_public_key i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index 45033e1d8..0dbe77079 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti 
@@ -39,7 +39,7 @@ val serialized_public_key i < 4 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst index 420397080..ec668685d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst 
@@ -10,16 +10,16 @@ let _ = () let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 64)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568) = 
@@ -27,20 +27,20 @@ let generate_key_pair in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 32)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & @@ -49,5 +49,5 @@ let encapsulate in rng, hax_temp_output <: - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti index 55494bc93..7da09ddc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti 
@@ -14,12 +14,12 @@ let _ = /// `CryptoRng` to sample the required randomness internally. /// This function returns an [`MlKem1024KeyPair`]. val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 3168) (mk_usize 1568)) Prims.l_True (fun _ -> Prims.l_True) @@ -29,13 +29,13 @@ val generate_key_pair /// The random number generator `rng` needs to implement `RngCore` and /// `CryptoRng` to sample the required randomness internally. val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1568)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1568) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index 351562191..245881c47 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti 
@@ -35,7 +35,7 @@ val serialized_public_key i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -71,7 +71,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -87,7 +87,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index 654e7f647..9d7e1814c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -39,7 +39,7 @@ val serialized_public_key i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 0971ec8be..341176dca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -39,7 +39,7 @@ val serialized_public_key i < 2 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -75,7 +75,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -91,7 +91,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst index 05959df41..09d98b64c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst @@ -10,16 +10,16 @@ let _ = () let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 64)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800) = 
@@ -27,20 +27,20 @@ let generate_key_pair in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 32)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & @@ -49,5 +49,5 @@ let encapsulate in rng, hax_temp_output <: - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti index 3f98de8bf..f72217571 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti 
@@ -14,12 +14,12 @@ let _ = /// `CryptoRng` to sample the required randomness internally. /// This function returns an [`MlKem512KeyPair`]. val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 1632) (mk_usize 800)) Prims.l_True (fun _ -> Prims.l_True) @@ -29,13 +29,13 @@ val generate_key_pair /// The random number generator `rng` needs to implement `RngCore` and /// `CryptoRng` to sample the required randomness internally. val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 800)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 768) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 39a6dac29..35885baf9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti 
@@ -35,7 +35,7 @@ val serialized_public_key i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -71,7 +71,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) (fun _ -> Prims.l_True) @@ -87,7 +87,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 12d585a78..a2923981a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -40,7 +40,7 @@ val serialized_public_key i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) 
@@ -76,7 +76,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) (fun _ -> Prims.l_True) @@ -92,7 +92,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index 961c4e8c8..2f4ca5d47 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -40,7 +40,7 @@ val serialized_public_key i < 3 ==> Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) @@ -76,7 +76,7 @@ val key_pair_serialized_public_key_mut Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i))) (fun _ -> Prims.l_True) 
@@ -92,7 +92,7 @@ val key_pair_serialized_public_key Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key_pair .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_tt_as_ntt i)) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst index e19acdcc9..0d29d489c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst @@ -10,16 +10,16 @@ let _ = () let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 64) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 64)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 64) = tmp1 in let _:Prims.unit = () in let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184) = 
@@ -27,20 +27,20 @@ let generate_key_pair in rng, hax_temp_output <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (#iimpl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore iimpl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng iimpl_277843321_) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) = let randomness:t_Array u8 (mk_usize 32) = Rust_primitives.Hax.repeat (mk_u8 0) (mk_usize 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (mk_usize 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + let tmp0, tmp1:(iimpl_277843321_ & t_Array u8 (mk_usize 32)) = + Rand_core.f_fill_bytes #iimpl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness in - let rng:impl_277843321_ = tmp0 in + let rng:iimpl_277843321_ = tmp0 in let randomness:t_Array u8 (mk_usize 32) = tmp1 in let _:Prims.unit = () in let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & @@ -49,5 +49,5 @@ let encapsulate in rng, hax_temp_output <: - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti index f1c2a540e..e74c9b8ae 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti 
@@ -14,12 +14,12 @@ let _ = /// `CryptoRng` to sample the required randomness internally. /// This function returns an [`MlKem768KeyPair`]. val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) + (iimpl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (mk_usize 2400) (mk_usize 1184)) Prims.l_True (fun _ -> Prims.l_True) @@ -29,13 +29,13 @@ val generate_key_pair /// The random number generator `rng` needs to implement `RngCore` and /// `CryptoRng` to sample the required randomness internally. val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (#iimpl_277843321_: Type0) + {| i1: Rand_core.t_RngCore iimpl_277843321_ |} + {| i2: Rand_core.t_CryptoRng iimpl_277843321_ |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (mk_usize 1184)) - (rng: impl_277843321_) + (rng: iimpl_277843321_) : Prims.Pure - (impl_277843321_ & + (iimpl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (mk_usize 1088) & t_Array u8 (mk_usize 32))) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 79df0d16e..08d38e92e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst 
@@ -18,11 +18,11 @@ let ntt_at_layer_1_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) = let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -31,7 +31,7 @@ let ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 4 /\ + v zeta_i == v e_zeta_i_init + v round * 4 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> @@ -99,11 +99,11 @@ let ntt_at_layer_2_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) = let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -112,7 +112,7 @@ let ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 2 /\ + v zeta_i == v e_zeta_i_init + v round * 2 /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> 
@@ -178,11 +178,11 @@ let ntt_at_layer_3_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) = let _:Prims.unit = reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #v_Vector) in let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in - let v__zeta_i_init:usize = zeta_i in + let e_zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) (mk_usize 16) @@ -191,7 +191,7 @@ let ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round /\ + v zeta_i == v e_zeta_i_init + v round /\ (v round < 16 ==> (forall (i: nat). (i >= v round /\ i < 16) ==> @@ -272,10 +272,10 @@ let ntt_at_layer_4_plus Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (layer v__initial_coefficient_bound: usize) + (layer e_initial_coefficient_bound: usize) = let step:usize = mk_usize 1 <>! layer <: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 06d5bf582..4aaf8b884 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -28,7 +28,7 @@ val ntt_at_layer_1_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v zeta_i == 63 /\ ntt_re_range_2 re) (ensures 
@@ -51,7 +51,7 @@ val ntt_at_layer_2_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v zeta_i == 31 /\ ntt_re_range_3 re) (ensures @@ -74,7 +74,7 @@ val ntt_at_layer_3_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (v__initial_coefficient_bound: usize) + (e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v zeta_i == 15 /\ ntt_re_range_4 re) (ensures @@ -111,7 +111,7 @@ val ntt_at_layer_4_plus {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (layer v__initial_coefficient_bound: usize) + (layer e_initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires v layer >= 4 /\ v layer <= 7 /\ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 8dc7807f5..bb43ec0d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -200,7 +200,7 @@ let sample_from_xof let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & v_Hasher) = - Rust_primitives.f_while_loop (fun temp_0_ -> + Rust_primitives.Hax.while_loop (fun temp_0_ -> let done, out, sampled_coefficients, xof_state:(bool & t_Array (t_Array i16 (mk_usize 272)) v_K & t_Array usize v_K & 
@@ -304,7 +304,7 @@ let sample_from_binomial_distribution_2_ in let coin_toss_outcomes:u32 = even_bits +! odd_bits in Rust_primitives.Hax.Folds.fold_range_step_by (mk_u32 0) - Core.Num.impl__u32__BITS + Core.Num.impl_u32__BITS (mk_usize 4) (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (mk_usize 256) = sampled_i16s in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 4126df24b..8876200e9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -345,8 +345,8 @@ let deserialize_ring_elements_reduced_out let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - (fun v__i -> - let v__i:usize = v__i in + (fun e_i -> + let e_i:usize = e_i in Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index ebaa64544..e8d7d8778 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -23,7 +23,7 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_ f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = - (fun (self___: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self___.f_value); + (fun (self_: t_MlKemCiphertext v_SIZE) (result: t_Slice u8) -> result = self_.f_value); f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8 } 
@@ -123,7 +123,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = - (fun (self___: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value); + (fun (self_: t_MlKemPrivateKey v_SIZE) (result: t_Slice u8) -> result = self_.f_value); f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8 } @@ -223,7 +223,7 @@ let impl_18 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = - (fun (self___: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self___.f_value); + (fun (self_: t_MlKemPublicKey v_SIZE) (result: t_Slice u8) -> result = self_.f_value); f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8 } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst index 84267e501..9b0e6d631 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -52,8 +52,8 @@ let prf_input_inc (prf_inputs: t_Array (t_Array u8 (mk_usize 33)) v_K) (domain_separator: u8) = - let v__domain_separator_init:u8 = domain_separator in - let v__prf_inputs_init:t_Array (t_Array u8 (mk_usize 33)) v_K = + let e_domain_separator_init:u8 = domain_separator in + let e_prf_inputs_init:t_Array (t_Array u8 (mk_usize 33)) v_K = Core.Clone.f_clone #(t_Array (t_Array u8 (mk_usize 33)) v_K) #FStar.Tactics.Typeclasses.solve prf_inputs 
@@ -66,15 +66,15 @@ let prf_input_inc temp_0_ in let i:usize = i in - v domain_separator == v v__domain_separator_init + v i /\ + v domain_separator == v e_domain_separator_init + v i /\ (v i < v v_K ==> (forall (j: nat). - (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == v__prf_inputs_init.[ sz j ])) /\ + (j >= v i /\ j < v v_K) ==> prf_inputs.[ sz j ] == e_prf_inputs_init.[ sz j ])) /\ (forall (j: nat). j < v i ==> - v (Seq.index (Seq.index prf_inputs j) 32) == v v__domain_separator_init + j /\ + v (Seq.index (Seq.index prf_inputs j) 32) == v e_domain_separator_init + j /\ Seq.slice (Seq.index prf_inputs j) 0 32 == - Seq.slice (Seq.index v__prf_inputs_init j) 0 32)) + Seq.slice (Seq.index e_prf_inputs_init j) 0 32)) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (mk_usize 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (mk_usize 33)) v_K) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst index ce7a40c47..c04b35cf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst 
@@ -8,11 +8,11 @@ let ntt_layer_1_step (zeta0 zeta1 zeta2 zeta3: i16) = let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 <: i16) - (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) - (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 + Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.f_neg zeta3 <: i16) + (Core.Ops.Arith.f_neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.f_neg zeta2 <: i16) + (Core.Ops.Arith.f_neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.f_neg zeta1 <: i16) + (Core.Ops.Arith.f_neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.f_neg zeta0 <: i16) + (Core.Ops.Arith.f_neg zeta0 <: i16) zeta0 zeta0 in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 (mk_i32 245) vector 
@@ -27,11 +27,11 @@ let ntt_layer_1_step let ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) = let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 + Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.f_neg zeta1 <: i16) + (Core.Ops.Arith.f_neg zeta1 <: i16) (Core.Ops.Arith.f_neg zeta1 <: i16) + (Core.Ops.Arith.f_neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 + (Core.Ops.Arith.f_neg zeta0 <: i16) (Core.Ops.Arith.f_neg zeta0 <: i16) + (Core.Ops.Arith.f_neg zeta0 <: i16) (Core.Ops.Arith.f_neg zeta0 <: i16) zeta0 zeta0 zeta0 zeta0 in let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -214,17 +214,17 @@ let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta in let right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 right - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast (zeta3 <: i16) + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Core.Ops.Arith.f_neg (cast (zeta3 <: i16) <: i32) <: i32) (cast (zeta3 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) + (Core.Ops.Arith.f_neg (cast (zeta2 <: i16) <: i32) <: i32) (cast (zeta2 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta1 <: i16) <: i32) <: i32) + (Core.Ops.Arith.f_neg (cast (zeta1 <: i16) <: i32) <: i32) (cast (zeta1 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) + (Core.Ops.Arith.f_neg (cast (zeta0 <: i16) <: i32) <: i32) (cast (zeta0 <: i16) <: i32) <: Libcrux_intrinsics.Avx2_extract.t_Vec256) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
index 15a24bbe9..b0d036be1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti
@@ -41,7 +41,7 @@ val inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zet
 (requires Spec.Utils.is_i16b 1664 zeta)
 (fun _ -> Prims.l_True)
 
-let ntt_multiply__PERMUTE_WITH: i32 = mk_i32 216
+let ntt_multiply__v_PERMUTE_WITH: i32 = mk_i32 216
 
 val ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16)
 : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
index ebc4d32d3..b167ae236 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst
@@ -21,14 +21,14 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = let _:Prims.unit = assert (v (cast (good.[ sz 0 ] <: u8) <: usize) < 256); assert (v (cast (good.[ sz 1 ] <: u8) <: usize) < 256); - assume (v (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) <= 8); - assume (v (cast (Core.Num.impl__u8__count_ones good.[ sz 1 ]) <: usize) <= 8); + assume (v (cast (Core.Num.impl_u8__count_ones good.[ sz 0 ]) <: usize) <= 8); + assume (v (cast (Core.Num.impl_u8__count_ones good.[ sz 1 ]) <: usize) <= 8); assume (Core.Ops.Index.f_index_pre output ({ - Core.Ops.Range.f_start = cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize; + Core.Ops.Range.f_start = cast (Core.Num.impl_u8__count_ones good.[ sz 0 ]) <: usize; Core.Ops.Range.f_end = - (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) +! sz 8 + (cast (Core.Num.impl_u8__count_ones good.[ sz 0 ]) <: usize) +! sz 8 })) in let lower_shuffles:t_Array u8 (mk_usize 16) = @@ -52,7 +52,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_si128 output lower_coefficients in let sampled_count:usize = - cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 0 ] <: u8) <: u32) <: usize + cast (Core.Num.impl_u8__count_ones (good.[ mk_usize 0 ] <: u8) <: u32) <: usize in let upper_shuffles:t_Array u8 (mk_usize 16) = Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ mk_usize @@ -93,7 +93,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = in let hax_temp_output:usize = sampled_count +! - (cast (Core.Num.impl__u8__count_ones (good.[ mk_usize 1 ] <: u8) <: u32) <: usize) + (cast (Core.Num.impl_u8__count_ones (good.[ mk_usize 1 ] <: u8) <: u32) <: usize) in output, hax_temp_output <: (t_Slice i16 & usize) 
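Review bot: The three `assume` statements at the top of rejection_sample survive on the new side with only the `Core.Num.impl_u8__count_ones` rename, and the third one, `assume (Core.Ops.Index.f_index_pre output { ... f_start = cast (count_ones good.[ sz 0 ]) ...; f_end = ... +! sz 8 })`, admits precisely the bounds condition that makes the subsequent store into `output` safe instead of deriving it from a stated length of `output`. The first two (`count_ones ... <= 8`) hold for any u8 and could presumably be discharged by a lemma rather than assumed; the third would be sounder as a `requires` on the `val rejection_sample` declaration in the .fsti giving the minimum length of `output`, so that callers carry the obligation and the admitted fact disappears from the verified body. If these assumes are emitted from annotations in the Rust source, that is where the change belongs. rejection_sample continues outside the hunk.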
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
index 245ce78ea..0ae117b00 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst
@@ -297,6 +297,44 @@ let serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (mk_usize 10)) Core.Array.t_TryFromSliceError) +let deserialize_5_ (bytes: t_Slice u8) = + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (bytes.[ mk_usize 9 ] <: u8) + (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 7 ] <: u8) + (bytes.[ mk_usize 7 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) + (bytes.[ mk_usize 5 ] <: u8) (bytes.[ mk_usize 4 ] <: u8) (bytes.[ mk_usize 3 ] <: u8) + (bytes.[ mk_usize 3 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) + (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 0 ] <: u8) + in + let coefficients_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 coefficients coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients_loaded + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 15) (mk_i8 14) (mk_i8 15) (mk_i8 14) + (mk_i8 13) (mk_i8 12) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 11) (mk_i8 10) + (mk_i8 9) (mk_i8 8) (mk_i8 9) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 7) (mk_i8 6) (mk_i8 5) + (mk_i8 4) (mk_i8 5) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) + (mk_i8 1) (mk_i8 0) + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (mk_i16 1 < + coefficients i = + (if i % 16 < 10 + then + let j = (i / 16) * 10 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32) + else 0))) + in + coefficients + +let deserialize_10_ (bytes: t_Slice u8) = + let lower_coefficients:t_Slice u8 = + bytes.[ { 
Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } + <: + Core.Ops.Range.t_Range usize ] + in + let upper_coefficients:t_Slice u8 = + bytes.[ { Core.Ops.Range.f_start = mk_usize 4; Core.Ops.Range.f_end = mk_usize 20 } + <: + Core.Ops.Range.t_Range usize ] + in + deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients + + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 upper_coefficients + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + #push-options "--admit_smt_queries true" let serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = 
@@ -550,123 +667,6 @@ let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options -let deserialize_5_ (bytes: t_Slice u8) = - let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (bytes.[ mk_usize 9 ] <: u8) - (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 8 ] <: u8) (bytes.[ mk_usize 7 ] <: u8) - (bytes.[ mk_usize 7 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) (bytes.[ mk_usize 6 ] <: u8) - (bytes.[ mk_usize 5 ] <: u8) (bytes.[ mk_usize 4 ] <: u8) (bytes.[ mk_usize 3 ] <: u8) - (bytes.[ mk_usize 3 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) (bytes.[ mk_usize 2 ] <: u8) - (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 1 ] <: u8) (bytes.[ mk_usize 0 ] <: u8) - in - let coefficients_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - mm256_si256_from_two_si128 coefficients coefficients - in - let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients_loaded - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (mk_i8 15) (mk_i8 14) (mk_i8 15) (mk_i8 14) - (mk_i8 13) (mk_i8 12) (mk_i8 13) (mk_i8 12) (mk_i8 11) (mk_i8 10) (mk_i8 11) (mk_i8 10) - (mk_i8 9) (mk_i8 8) (mk_i8 9) (mk_i8 8) (mk_i8 7) (mk_i8 6) (mk_i8 7) (mk_i8 6) (mk_i8 5) - (mk_i8 4) (mk_i8 5) (mk_i8 4) (mk_i8 3) (mk_i8 2) (mk_i8 3) (mk_i8 2) (mk_i8 1) (mk_i8 0) - (mk_i8 1) (mk_i8 0) - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) - in - let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (mk_i16 1 < - coefficients i = - (if i % 16 < 10 - then - let j = (i / 16) * 10 + i % 16 in - if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32) - else 0))) - in - coefficients - -let deserialize_10_ (bytes: t_Slice u8) = - let lower_coefficients:t_Slice u8 = - bytes.[ { Core.Ops.Range.f_start = mk_usize 0; Core.Ops.Range.f_end = mk_usize 16 } - <: - 
Core.Ops.Range.t_Range usize ] - in - let upper_coefficients:t_Slice u8 = - bytes.[ { Core.Ops.Range.f_start = mk_usize 4; Core.Ops.Range.f_end = mk_usize 20 } - <: - Core.Ops.Range.t_Range usize ] - in - deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients - - <: - Libcrux_intrinsics.Avx2_extract.t_Vec128) - (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 upper_coefficients - <: - Libcrux_intrinsics.Avx2_extract.t_Vec128) - [@@"opaque_to_smt"] let deserialize_12___deserialize_12_vec diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index e7c7f0e90..ea54af8a8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -133,6 +133,11 @@ val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) include BitVec.Intrinsics {mm256_si256_from_two_si128 as mm256_si256_from_two_si128} +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 10) + (fun _ -> Prims.l_True) + val serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) 
@@ -154,38 +159,6 @@ val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) let r:t_Array u8 (mk_usize 20) = r in forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10)) -val serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) - -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - -val serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure - (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) - (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) - (ensures - fun temp_0_ -> - let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & - Libcrux_intrinsics.Avx2_extract.t_Vec128) = - temp_0_ - in - forall (i: nat{i < 192}). - vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) - -val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (mk_usize 24)) - (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) - (ensures - fun r -> - let r:t_Array u8 (mk_usize 24) = r in - forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) - -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires Seq.length bytes == 10) - (fun _ -> Prims.l_True) - val deserialize_10___deserialize_10_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 
@@ -215,6 +188,33 @@ val deserialize_10_ (bytes: t_Slice u8) let j = (i / 16) * 10 + i % 16 in bit_vec_of_int_t_array (bytes <: t_Array _ (sz 20)) 8 j)) +val serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure (t_Array u8 (mk_usize 22)) Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) + (ensures + fun temp_0_ -> + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + temp_0_ + in + forall (i: nat{i < 192}). + vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) + +val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure (t_Array u8 (mk_usize 24)) + (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (mk_usize 24) = r in + forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) + val deserialize_12___deserialize_12_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index a892086c8..38c5b093c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst 
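Review bot: The moved declarations of `serialize_11_` and `deserialize_11_` carry only `Prims.l_True` as both requires and ensures, whereas `deserialize_5_` earlier in this file requires `Seq.length bytes == 10` and `serialize_12_` / `deserialize_10_` have full functional postconditions, so nothing at the `val` level states that `bytes` has 22 elements for `deserialize_11_` and the 11-bit path is not tied to the spec at all. The trait instance in Libcrux_ml_kem.Vector.Avx2.fst has the same gap in its later hunks, where `f_serialize_5__post`, `f_deserialize_5__post`, `f_serialize_11__post` and `f_deserialize_11__post` are all `-> true` while the 1/4/10/12 variants refer to `Spec.MLKEM.serialize_post` / `deserialize_post`. A minimal step mirroring deserialize_5_ is `val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 (requires Seq.length bytes == 22) (fun _ -> Prims.l_True)`; if these specs are authored as attributes in the Rust source and extracted, the change belongs there, with a note in the commit message that the 5- and 11-bit (de)serializers remain unspecified.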
@@ -338,10 +338,10 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_cond_subtract_3329_pre + f_cond_subtract_3329__pre = (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr vector)); - f_cond_subtract_3329_post + f_cond_subtract_3329__post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> impl.f_repr out == @@ -375,13 +375,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_compress_1_pre + f_compress_1__pre = (fun (vector: t_SIMD256Vector) -> forall (i: nat). i < 16 ==> v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329); - f_compress_1_post + f_compress_1__post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1); 
@@ -553,50 +553,50 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) -> ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); - f_serialize_1_pre + f_serialize_1__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector)); - f_serialize_1_post + f_serialize_1__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 2)) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out); f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> serialize_1_ vector); - f_deserialize_1_pre + f_deserialize_1__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 2); - f_deserialize_1_post + f_deserialize_1__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (impl.f_repr out)); f_deserialize_1_ = (fun (bytes: t_Slice u8) -> deserialize_1_ bytes); - f_serialize_4_pre + f_serialize_4__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector)); - f_serialize_4_post + f_serialize_4__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 8)) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out); f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> serialize_4_ vector); - f_deserialize_4_pre + f_deserialize_4__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8); - f_deserialize_4_post + f_deserialize_4__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out)); f_deserialize_4_ = (fun (bytes: t_Slice u8) -> deserialize_4_ bytes); - f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 10)) -> true); + f_serialize_5__pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_5__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 10)) -> true); f_serialize_5_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); - f_deserialize_5_pre + f_deserialize_5__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10); - f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_5__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_5_ = (fun (bytes: t_Slice u8) -> 
@@ -604,52 +604,52 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); - f_serialize_10_pre + f_serialize_10__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector)); - f_serialize_10_post + f_serialize_10__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 20)) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out); f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> serialize_10_ vector); - f_deserialize_10_pre + f_deserialize_10__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20); - f_deserialize_10_post + f_deserialize_10__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out)); f_deserialize_10_ = (fun (bytes: t_Slice u8) -> deserialize_10_ bytes); - f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 22)) -> true); + f_serialize_11__pre = (fun (vector: t_SIMD256Vector) -> true); + f_serialize_11__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 22)) -> true); f_serialize_11_ = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); - f_deserialize_11_pre + f_deserialize_11__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. 
mk_usize 22); - f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_11__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_11_ = (fun (bytes: t_Slice u8) -> { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector); - f_serialize_12_pre + f_serialize_12__pre = (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector)); - f_serialize_12_post + f_serialize_12__post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (mk_usize 24)) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out); f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> serialize_12_ vector); - f_deserialize_12_pre + f_deserialize_12__pre = (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24); - f_deserialize_12_post + f_deserialize_12__post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (impl.f_repr out)); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst index b22cca873..6375db008 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst @@ -9,7 +9,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vaddq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low } <: 
@@ -20,8 +20,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 lhs - .Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vaddq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high } <: @@ -35,7 +34,7 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low } <: @@ -46,8 +45,7 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = lhs with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 lhs - .Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high rhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high } <: @@ -61,7 +59,7 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vec v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c } <: @@ -72,8 +70,7 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vec v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v - .Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c } <: 
@@ -82,13 +79,13 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vec v let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) = - let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 c in + let c:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 c in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c } <: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -98,8 +95,7 @@ let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD1 v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high - c + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c } <: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -112,7 +108,7 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_S v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 v_SHIFT_BY + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 v_SHIFT_BY v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low } <: @@ -123,7 +119,7 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_S v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 v_SHIFT_BY + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 v_SHIFT_BY v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high } <: 
@@ -132,28 +128,27 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_S v let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let c:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 3329) in + let c:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 3329) in let m0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c + Libcrux_intrinsics.Arm64_extract.e_vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c in let m1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c + Libcrux_intrinsics.Arm64_extract.e_vcgeq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c in let c0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 c - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 m0 <: u8) + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 c + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 m0 <: u8) in let c1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vandq_s16 c - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 m1 <: u8) + Libcrux_intrinsics.Arm64_extract.e_vandq_s16 c + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 m1 <: u8) in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low - c0 + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low c0 } <: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector 
@@ -163,7 +158,7 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vect v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high c1 } <: @@ -172,15 +167,15 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vect v let barrett_reduce_int16x8_t (v: u8) = - let adder:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 1024) in - let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v v_BARRETT_MULTIPLIER in - let vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vaddq_s16 vec adder in - let quotient:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 11) vec in + let adder:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 1024) in + let vec:u8 = Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_n_s16 v v_BARRETT_MULTIPLIER in + let vec:u8 = Libcrux_intrinsics.Arm64_extract.e_vaddq_s16 vec adder in + let quotient:u8 = Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 11) vec in let sub:u8 = - Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 quotient + Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 quotient Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 v sub + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 v sub let barrett_reduce (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = 
@@ -207,34 +202,34 @@ let barrett_reduce (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let montgomery_reduce_int16x8_t (low high: u8) = let k:u8 = - Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vmulq_n_u16 - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 low <: u8) + Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.e_vmulq_n_u16 + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_u16_s16 low <: u8) (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) <: u16) <: u8) in let c:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) - (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 k + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 1) + (Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_n_s16 k Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: u8) in - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 high c + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 high c let montgomery_multiply_by_constant_int16x8_t (v: u8) (c: i16) = - let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_n_s16 v c in + let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.e_vmulq_n_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) - (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_n_s16 v c <: u8) + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 1) + (Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_n_s16 v c <: u8) in montgomery_reduce_int16x8_t vv_low vv_high let montgomery_multiply_int16x8_t (v c: u8) = - let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.v__vmulq_s16 v c in + let vv_low:u8 = Libcrux_intrinsics.Arm64_extract.e_vmulq_s16 v c in let vv_high:u8 = - Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 1) - (Libcrux_intrinsics.Arm64_extract.v__vqdmulhq_s16 v c <: u8) + Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 1) + (Libcrux_intrinsics.Arm64_extract.e_vqdmulhq_s16 v c <: 
u8) in montgomery_reduce_int16x8_t vv_low vv_high diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst index d9d3c06c3..a3ce4df63 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst 
@@ -4,25 +4,24 @@ open Core open FStar.Mul let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - let half:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 1664) in - let quarter:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 (mk_i16 832) in + let half:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 1664) in + let quarter:u8 = Libcrux_intrinsics.Arm64_extract.e_vdupq_n_s16 (mk_i16 832) in let shifted:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 half - v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 half v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low in - let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 15) shifted in - let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.v__veorq_s16 mask shifted in + let mask:u8 = Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 15) shifted in + let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.e_veorq_s16 mask shifted in let shifted_positive_in_range:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 shifted_to_positive quarter + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 shifted_to_positive quarter in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_low = - Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u16 + Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.e_vshrq_n_u16 (mk_i32 15) - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 shifted_positive_in_range + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_u16_s16 shifted_positive_in_range <: u8) <: 
@@ -32,22 +31,22 @@ let compress_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector in let shifted:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 half + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 half v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high in - let mask:u8 = Libcrux_intrinsics.Arm64_extract.v__vshrq_n_s16 (mk_i32 15) shifted in - let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.v__veorq_s16 mask shifted in + let mask:u8 = Libcrux_intrinsics.Arm64_extract.e_vshrq_n_s16 (mk_i32 15) shifted in + let shifted_to_positive:u8 = Libcrux_intrinsics.Arm64_extract.e_veorq_s16 mask shifted in let shifted_positive_in_range:u8 = - Libcrux_intrinsics.Arm64_extract.v__vsubq_s16 shifted_to_positive quarter + Libcrux_intrinsics.Arm64_extract.e_vsubq_s16 shifted_to_positive quarter in let v:Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { v with Libcrux_ml_kem.Vector.Neon.Vector_type.f_high = - Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.v__vshrq_n_u16 + Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_s16_u16 (Libcrux_intrinsics.Arm64_extract.e_vshrq_n_u16 (mk_i32 15) - (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 shifted_positive_in_range + (Libcrux_intrinsics.Arm64_extract.e_vreinterpretq_u16_s16 shifted_positive_in_range <: u8) <: @@ -67,21 +66,21 @@ let mask_n_least_significant_bits (coefficient_bits: i16) = | x -> (mk_i16 1 < Libcrux_ml_kem.Vector.Neon.Arithmetic.shift_right v_SHIFT_BY v); - f_cond_subtract_3329_pre + f_cond_subtract_3329__pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_cond_subtract_3329_post + f_cond_subtract_3329__post = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -232,8 +232,8 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (c: i16) -> Libcrux_ml_kem.Vector.Neon.Arithmetic.montgomery_multiply_by_constant v c); - f_compress_1_pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_compress_1_post + f_compress_1__pre = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_compress_1__post = (fun (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -436,8 +436,8 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = (zeta4: i16) -> Libcrux_ml_kem.Vector.Neon.Ntt.ntt_multiply lhs rhs zeta1 zeta2 zeta3 zeta4); - f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_1_post + f_serialize_1__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_1__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -448,15 +448,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_1_ a); - f_deserialize_1_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_1_post + f_deserialize_1__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_1__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_1_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_1_ a); - f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_4_post + f_serialize_4__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_4__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -467,15 +467,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_4_ a); - f_deserialize_4_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_4_post + f_deserialize_4__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_4__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_4_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_4_ a); - f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_5_post + f_serialize_5__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_5__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -486,15 +486,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_5_ a); - f_deserialize_5_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_5_post + f_deserialize_5__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_5__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_5_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_5_ a); - f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_10_post + f_serialize_10__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_10__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -505,15 +505,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_10_ a); - f_deserialize_10_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_10_post + f_deserialize_10__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_10__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_10_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_10_ a); - f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_11_post + f_serialize_11__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_11__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) @@ -524,15 +524,15 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_11_ a); - f_deserialize_11_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_11_post + f_deserialize_11__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_11__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_11_ = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Neon.Serialize.deserialize_11_ a); - f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); - f_serialize_12_post + f_serialize_12__pre = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_serialize_12__post = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) 
@@ -543,8 +543,8 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = = (fun (a: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> Libcrux_ml_kem.Vector.Neon.Serialize.serialize_12_ a); - f_deserialize_12_pre = (fun (a: t_Slice u8) -> true); - f_deserialize_12_post + f_deserialize_12__pre = (fun (a: t_Slice u8) -> true); + f_deserialize_12__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_deserialize_12_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 6bd277379..31c7f78fb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -31,7 +31,7 @@ let get_n_least_significant_bits (n: u8) (value: u32) = #push-options "--z3rlimit 150" let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let e_lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -41,8 +41,8 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = (forall j. j < v i ==> (Seq.index lhs.f_elements j) == - (Seq.index v__lhs0.f_elements j) +! (Seq.index rhs.f_elements j)) /\ - (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) + (Seq.index e_lhs0.f_elements j) +! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index e_lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in 
@@ -68,14 +68,14 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let _:Prims.unit = assert (forall i. v (Seq.index lhs.f_elements i) == - v (Seq.index v__lhs0.f_elements i) + v (Seq.index rhs.f_elements i)) + v (Seq.index e_lhs0.f_elements i) + v (Seq.index rhs.f_elements i)) in lhs #pop-options let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let e_lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -85,8 +85,8 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = (forall j. j < v i ==> (Seq.index lhs.f_elements j) == - (Seq.index v__lhs0.f_elements j) -! (Seq.index rhs.f_elements j)) /\ - (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) + (Seq.index e_lhs0.f_elements j) -! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index e_lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in 
@@ -112,12 +112,12 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let _:Prims.unit = assert (forall i. v (Seq.index lhs.f_elements i) == - v (Seq.index v__lhs0.f_elements i) - v (Seq.index rhs.f_elements i)) + v (Seq.index e_lhs0.f_elements i) - v (Seq.index rhs.f_elements i)) in lhs let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -125,8 +125,8 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in (forall j. - j < v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j) *! c) /\ - (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + j < v i ==> (Seq.index vec.f_elements j) == (Seq.index e_vec0.f_elements j) *! c) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index e_vec0.f_elements j))) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -149,7 +149,7 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port vec) in let _:Prims.unit = - assert (forall i. v (Seq.index vec.f_elements i) == v (Seq.index v__vec0.f_elements i) * v c) + assert (forall i. v (Seq.index vec.f_elements i) == v (Seq.index e_vec0.f_elements i) * v c) in vec 
@@ -157,16 +157,15 @@ let bitwise_and_with_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - (forall j. j < v i ==> Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j &. c) - ) /\ (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j) - ) + (forall j. j < v i ==> Seq.index vec.f_elements j == (Seq.index e_vec0.f_elements j &. c)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -189,12 +188,12 @@ let bitwise_and_with_constant vec) in let _:Prims.unit = - Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) v__vec0.f_elements) + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) e_vec0.f_elements) in vec let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR 
@@ -203,8 +202,8 @@ let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty let i:usize = i in (forall j. j < v i ==> - Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j >>! v_SHIFT_BY)) /\ - (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + Seq.index vec.f_elements j == (Seq.index e_vec0.f_elements j >>! v_SHIFT_BY)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -229,14 +228,14 @@ let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty in let _:Prims.unit = Seq.lemma_eq_intro vec.f_elements - (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements) + (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) e_vec0.f_elements) in vec #push-options "--z3rlimit 300" let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -246,9 +245,9 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta (forall j. j < v i ==> Seq.index vec.f_elements j == - (let x = Seq.index v__vec0.f_elements j in + (let x = Seq.index e_vec0.f_elements j in if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x)) /\ - (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in 
@@ -279,7 +278,7 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta let _:Prims.unit = Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> if x >=. (mk_i16 3329) then x -! (mk_i16 3329) else x) - v__vec0.f_elements) + e_vec0.f_elements) in vec @@ -325,7 +324,7 @@ let barrett_reduce_element (value: i16) = #push-options "--z3rlimit 150" let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR @@ -335,11 +334,11 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j) /\ - v (Seq.index vec.f_elements j) % 3329 == (v (Seq.index v__vec0.f_elements j) % 3329) - )) /\ + v (Seq.index vec.f_elements j) % 3329 == (v (Seq.index e_vec0.f_elements j) % 3329)) + ) /\ (forall j. j >= v i ==> - (Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j /\ + (Seq.index vec.f_elements j == Seq.index e_vec0.f_elements j /\ Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j)))) vec (fun vec i -> @@ -487,7 +486,7 @@ let montgomery_multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let e_vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (mk_usize 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR 
@@ -498,8 +497,8 @@ let montgomery_multiply_by_constant j < v i ==> (let vecj = Seq.index vec.f_elements j in (Spec.Utils.is_i16b 3328 vecj /\ - v vecj % 3329 == (v (Seq.index v__vec0.f_elements j) * v c * 169) % 3329))) /\ - (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + v vecj % 3329 == (v (Seq.index e_vec0.f_elements j) * v c * 169) % 3329))) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index e_vec0.f_elements j))) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index fdd445812..4d7f04222 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -44,7 +44,7 @@ val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) let result:i16 = result in result >=. mk_i16 0 && result <. - (Core.Num.impl__i16__pow (mk_i16 2) (cast (coefficient_bits <: u8) <: u32) <: i16)) + (Core.Num.impl_i16__pow (mk_i16 2) (cast (coefficient_bits <: u8) <: u32) <: i16)) val compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 9c235b4b2..a038b901a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst 
@@ -418,9 +418,9 @@ let ntt_multiply_binomials let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 ai bi in let ai_bi:i32 = (cast (ai <: i16) <: i32) *! (cast (bi <: i16) <: i32) in let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 aj bj in - let aj_bj___:i32 = (cast (aj <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let aj_bj_:i32 = (cast (aj <: i16) <: i32) *! (cast (bj <: i16) <: i32) in let _:Prims.unit = assert_norm (3328 * 3328 <= 3328 * pow2 15) in - let aj_bj:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element aj_bj___ in + let aj_bj:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element aj_bj_ in let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 1664 aj_bj zeta in let aj_bj_zeta:i32 = (cast (aj_bj <: i16) <: i32) *! (cast (zeta <: i16) <: i32) in let ai_bi_aj_bj:i32 = ai_bi +! aj_bj_zeta in @@ -444,9 +444,9 @@ let ntt_multiply_binomials ((((v ai * v bi) + ((v aj_bj * v zeta) % 3329)) % 3329) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } ((((v ai * v bi) + (((v aj_bj % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; - ( == ) { assert (v aj_bj % 3329 == (v aj_bj___ * 169) % 3329) } - ((((v ai * v bi) + ((((v aj_bj___ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; - ( == ) { assert (v aj_bj___ == v aj * v bj) } + ( == ) { assert (v aj_bj % 3329 == (v aj_bj_ * 169) % 3329) } + ((((v ai * v bi) + ((((v aj_bj_ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { assert (v aj_bj_ == v aj * v bj) } ((((v ai * v bi) + ((((v aj * v bj * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj * v bj * 169) (v zeta) 3329 } ((((v ai * v bi) + (((v aj * v bj * 169 * v zeta) % 3329))) % 3329) * 169) % 3329; 
@@ -479,7 +479,7 @@ let ntt_multiply_binomials ((v ai * v bj + v aj * v bi) * 169) % 3329; } in - let v__out0:t_Array i16 (mk_usize 16) = + let e_out0:t_Array i16 (mk_usize 16) = out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -513,7 +513,7 @@ let ntt_multiply_binomials assert (Seq.index out.f_elements (2 * v i + 1) == o1); assert (Spec.Utils.is_i16b_array 3328 out.f_elements); assert (forall k. - (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index v__out0 k) + (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index e_out0 k) in let _:Prims.unit = admit () (* Panic freedom *) in out @@ -526,10 +526,10 @@ let ntt_multiply (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = - let nzeta0:i16 = Core.Ops.Arith.Neg.neg zeta0 in - let nzeta1:i16 = Core.Ops.Arith.Neg.neg zeta1 in - let nzeta2:i16 = Core.Ops.Arith.Neg.neg zeta2 in - let nzeta3:i16 = Core.Ops.Arith.Neg.neg zeta3 in + let nzeta0:i16 = Core.Ops.Arith.f_neg zeta0 in + let nzeta1:i16 = Core.Ops.Arith.f_neg zeta1 in + let nzeta2:i16 = Core.Ops.Arith.f_neg zeta2 in + let nzeta3:i16 = Core.Ops.Arith.f_neg zeta3 in let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta0) in let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta1) in let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta2) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 6f0be6123..14135d831 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst 
@@ -3,404 +3,7 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul -let serialize_4_int (v: t_Slice i16) = - let result0:u8 = - ((cast (v.[ mk_usize 1 ] <: i16) <: u8) <>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - let v2:i16 = cast ((bytes.[ mk_usize 1 ] <: u8) &. mk_u8 15 <: u8) <: i16 in - let v3:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - let v4:i16 = cast ((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <: i16 in - let v5:i16 = cast (((bytes.[ mk_usize 2 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - let v6:i16 = cast ((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 15 <: u8) <: i16 in - let v7:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_5_int (v: t_Slice i16) = - let r0:u8 = - cast ((v.[ mk_usize 0 ] <: i16) |. ((v.[ mk_usize 1 ] <: i16) <>! mk_i32 3 <: i16) |. - ((v.[ mk_usize 2 ] <: i16) <>! mk_i32 1 <: i16) |. - ((v.[ mk_usize 4 ] <: i16) <>! mk_i32 4 <: i16) |. - ((v.[ mk_usize 5 ] <: i16) <>! mk_i32 2 <: i16) |. - ((v.[ mk_usize 7 ] <: i16) <>! mk_i32 5 <: u8) - <: - u8) - <: - i16 - in - let v2:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 31 <: u8) <: i16 in - let v3:i16 = - cast ((((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <>! mk_i32 7 <: u8) - <: - u8) - <: - i16 - in - let v4:i16 = - cast ((((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 1 <: u8) <>! mk_i32 4 <: u8) - <: - u8) - <: - i16 - in - let v5:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 31 <: u8) <: i16 in - let v6:i16 = - cast ((((bytes.[ mk_usize 4 ] <: u8) &. mk_u8 7 <: u8) <>! mk_i32 6 <: u8) - <: - u8) - <: - i16 - in - let v7:i16 = cast ((bytes.[ mk_usize 4 ] <: u8) >>! 
mk_i32 3 <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 5 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 5; - Core.Ops.Range.f_end = mk_usize 10 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - -let serialize_10_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 8 <: i16) &. mk_i16 3 <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 6 <: i16) &. mk_i16 15 <: i16) <: u8) - in - let r3:u8 = - ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 4 <: i16) &. mk_i16 63 <: i16) <: u8) - in - let r4:u8 = cast (((v.[ mk_usize 3 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in - r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) - -let deserialize_10_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) - in - let r2:i16 = - (((cast (bytes.[ mk_usize 3 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! 
mk_i32 4 <: i16) - in - let r3:i16 = - ((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) <>! mk_i32 6 <: i16) - in - let r4:i16 = - (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) - in - let r6:i16 = - (((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) - in - let r7:i16 = - ((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) <>! mk_i32 6 <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ mk_usize 0 ] <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 31 <: i16) <: u8) <>! mk_i32 8 <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 5 <: i16) <: u8) - in - let r3:u8 = cast (((v.[ mk_usize 2 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in - let r4:u8 = - ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 127 <: i16) <: u8) <>! mk_i32 10 <: i16) <: u8) - in - let r5:u8 = - ((cast ((v.[ mk_usize 4 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 7 <: i16) <: u8) - in - let r6:u8 = - ((cast ((v.[ mk_usize 5 ] <: i16) &. mk_i16 1 <: i16) <: u8) <>! mk_i32 4 <: i16) <: u8) - in - let r7:u8 = cast (((v.[ mk_usize 5 ] <: i16) >>! mk_i32 1 <: i16) &. mk_i16 255 <: i16) <: u8 in - let r8:u8 = - ((cast ((v.[ mk_usize 6 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 9 <: i16) <: u8) - in - let r9:u8 = - ((cast ((v.[ mk_usize 7 ] <: i16) &. mk_i16 7 <: i16) <: u8) <>! mk_i32 6 <: i16) <: u8) - in - let r10:u8 = cast ((v.[ mk_usize 7 ] <: i16) >>! 
mk_i32 3 <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = mk_usize 8; - Core.Ops.Range.f_end = mk_usize 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; - r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; - r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); - Rust_primitives.Hax.array_of_list 22 list - -let deserialize_11_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 7 <: i16) <>! mk_i32 3 <: i16) - in - let r2:i16 = - ((((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) &. mk_i16 1 <: i16) <>! mk_i32 6 <: i16) - in - let r3:i16 = - (((cast (bytes.[ mk_usize 5 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 1 <: i16) - in - let r4:i16 = - (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 127 <: i16) <>! mk_i32 4 <: i16) - in - let r5:i16 = - ((((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 7 <: i16) - in - let r6:i16 = - (((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) &. mk_i16 31 <: i16) <>! mk_i32 2 <: i16) - in - let r7:i16 = - ((cast (bytes.[ mk_usize 10 ] <: u8) <: i16) <>! 
mk_i32 5 <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 11 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 11; - Core.Ops.Range.f_end = mk_usize 22 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - -let serialize_12_int (v: t_Slice i16) = - let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in - let r1:u8 = - cast (((v.[ mk_usize 0 ] <: i16) >>! mk_i32 8 <: i16) |. - (((v.[ mk_usize 1 ] <: i16) &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 255 <: i16) <: u8 in - r0, r1, r2 <: (u8 & u8 & u8) - -let deserialize_12_int (bytes: t_Slice u8) = - let byte0:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in - let byte1:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in - let byte2:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in - let r0:i16 = ((byte1 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. 
mk_i16 15 <: i16) in - r0, r1 <: (i16 & i16) - -let rec serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ mk_usize 0 ] <: i16) <: @@ -541,7 +144,7 @@ let serialize_1_lemma inputs = #pop-options -let rec deserialize_1_ (v: t_Slice u8) = +let deserialize_1_ (v: t_Slice u8) = let result0:i16 = cast ((v.[ mk_usize 0 ] <: u8) &. mk_u8 1 <: u8) <: i16 in let result1:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 1 <: u8) <: i16 in let result2:i16 = cast (((v.[ mk_usize 0 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 1 <: u8) <: i16 in 
@@ -597,7 +200,26 @@ let deserialize_1_lemma inputs = let deserialize_1_bounded_lemma inputs = admit() -let rec serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_4_int (v: t_Slice i16) = + let result0:u8 = + ((cast (v.[ mk_usize 1 ] <: i16) <: u8) <>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v2:i16 = cast ((bytes.[ mk_usize 1 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v3:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v4:i16 = cast ((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v5:i16 = cast (((bytes.[ mk_usize 2 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + let v6:i16 = cast ((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 15 <: u8) <: i16 in + let v7:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 4 <: u8) &. mk_u8 15 <: u8) <: i16 in + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_4_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 4 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_4_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 4; + Core.Ops.Range.f_end = mk_usize 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let deserialize_4_bounded_lemma inputs = + admit() + +#push-options 
"--compat_pre_core 2 --z3rlimit 300 --z3refresh" + +let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_4_ v).f_elements 4 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_4_lemma inputs = + deserialize_4_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let serialize_5_int (v: t_Slice i16) = + let r0:u8 = + cast ((v.[ mk_usize 0 ] <: i16) |. ((v.[ mk_usize 1 ] <: i16) <>! mk_i32 3 <: i16) |. + ((v.[ mk_usize 2 ] <: i16) <>! mk_i32 1 <: i16) |. + ((v.[ mk_usize 4 ] <: i16) <>! mk_i32 4 <: i16) |. + ((v.[ mk_usize 5 ] <: i16) <>! mk_i32 2 <: i16) |. + ((v.[ mk_usize 7 ] <: i16) <>! mk_i32 5 <: u8) + <: + u8) + <: + i16 + in + let v2:i16 = cast (((bytes.[ mk_usize 1 ] <: u8) >>! mk_i32 2 <: u8) &. mk_u8 31 <: u8) <: i16 in + let v3:i16 = + cast ((((bytes.[ mk_usize 2 ] <: u8) &. mk_u8 15 <: u8) <>! mk_i32 7 <: u8) + <: + u8) + <: + i16 + in + let v4:i16 = + cast ((((bytes.[ mk_usize 3 ] <: u8) &. mk_u8 1 <: u8) <>! mk_i32 4 <: u8) + <: + u8) + <: + i16 + in + let v5:i16 = cast (((bytes.[ mk_usize 3 ] <: u8) >>! mk_i32 1 <: u8) &. mk_u8 31 <: u8) <: i16 in + let v6:i16 = + cast ((((bytes.[ mk_usize 4 ] <: u8) &. mk_u8 7 <: u8) <>! mk_i32 6 <: u8) + <: + u8) + <: + i16 + in + let v7:i16 = cast ((bytes.[ mk_usize 4 ] <: u8) >>! 
mk_i32 3 <: u8) <: i16 in + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_5_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = mk_usize 0; - Core.Ops.Range.f_end = mk_usize 4 + Core.Ops.Range.f_end = mk_usize 5 } <: Core.Ops.Range.t_Range usize ] @@ -667,9 +473,9 @@ let rec deserialize_4_ (bytes: t_Slice u8) = t_Slice u8) in let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_4_int (bytes.[ { - Core.Ops.Range.f_start = mk_usize 4; - Core.Ops.Range.f_end = mk_usize 8 + deserialize_5_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 5; + Core.Ops.Range.f_end = mk_usize 10 } <: Core.Ops.Range.t_Range usize ] 
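Review bot: `deserialize_4_bounded_lemma inputs = admit()` is carried over verbatim into the moved block, so the boundedness postcondition declared for it in the .fsti (`forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4`) remains an unproven assumption even though the adjacent `deserialize_4_lemma` is now discharged by `Tactics.GetBit.prove_bit_vector_equality'`. Every later arithmetic proof that consumes deserialized coefficients inherits this admit, which is worth making visible since the bound does follow from the visible `&. mk_u8 15` masks in `deserialize_4_int`. If the proof is deferred intentionally, I would at least annotate it, e.g. `admit() (* TODO: provable from the 4-bit masks in deserialize_4_int; currently assumed *)`, and the same remark presumably applies to the sibling `deserialize_1_bounded_lemma` and `deserialize_10_bounded_lemma` admits visible as context in this file.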
@@ -691,31 +497,24 @@ let rec deserialize_4_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -let deserialize_4_bounded_lemma inputs = - admit() - -#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" - -let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) - : squash ( - let inputs = bit_vec_of_int_t_array v 8 in - let outputs = bit_vec_of_int_t_array (deserialize_4_ v).f_elements 4 in - (forall (i: nat {i < 64}). inputs i == outputs i) - ) = - _ by (Tactics.GetBit.prove_bit_vector_equality' ()) - -#pop-options - -#push-options "--z3rlimit 300" - -let deserialize_4_lemma inputs = - deserialize_4_bit_vec_lemma inputs; - BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4) - (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) - -#pop-options +let serialize_10_int (v: t_Slice i16) = + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in + let r1:u8 = + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 8 <: i16) &. mk_i16 3 <: i16) <: u8) + in + let r2:u8 = + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 6 <: i16) &. mk_i16 15 <: i16) <: u8) + in + let r3:u8 = + ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 4 <: i16) &. mk_i16 63 <: i16) <: u8) + in + let r4:u8 = cast (((v.[ mk_usize 3 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in + r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) -let rec serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_4_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { Core.Ops.Range.f_start = mk_usize 0; 
@@ -788,7 +587,42 @@ let serialize_10_lemma inputs = #pop-options -let rec deserialize_10_ (bytes: t_Slice u8) = +let deserialize_10_int (bytes: t_Slice u8) = + let r0:i16 = + (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) + in + let r2:i16 = + (((cast (bytes.[ mk_usize 3 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) + in + let r3:i16 = + ((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) <>! mk_i32 6 <: i16) + in + let r4:i16 = + (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 2 <: i16) + in + let r6:i16 = + (((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 63 <: i16) <>! mk_i32 4 <: i16) + in + let r7:i16 = + ((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) <>! mk_i32 6 <: i16) + in + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = mk_usize 0; 
@@ -848,7 +682,165 @@ let deserialize_10_lemma inputs = let deserialize_10_bounded_lemma inputs = admit() -let rec serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = +let serialize_11_int (v: t_Slice i16) = + let r0:u8 = cast (v.[ mk_usize 0 ] <: i16) <: u8 in + let r1:u8 = + ((cast ((v.[ mk_usize 1 ] <: i16) &. mk_i16 31 <: i16) <: u8) <>! mk_i32 8 <: i16) <: u8) + in + let r2:u8 = + ((cast ((v.[ mk_usize 2 ] <: i16) &. mk_i16 3 <: i16) <: u8) <>! mk_i32 5 <: i16) <: u8) + in + let r3:u8 = cast (((v.[ mk_usize 2 ] <: i16) >>! mk_i32 2 <: i16) &. mk_i16 255 <: i16) <: u8 in + let r4:u8 = + ((cast ((v.[ mk_usize 3 ] <: i16) &. mk_i16 127 <: i16) <: u8) <>! mk_i32 10 <: i16) <: u8) + in + let r5:u8 = + ((cast ((v.[ mk_usize 4 ] <: i16) &. mk_i16 15 <: i16) <: u8) <>! mk_i32 7 <: i16) <: u8) + in + let r6:u8 = + ((cast ((v.[ mk_usize 5 ] <: i16) &. mk_i16 1 <: i16) <: u8) <>! mk_i32 4 <: i16) <: u8) + in + let r7:u8 = cast (((v.[ mk_usize 5 ] <: i16) >>! mk_i32 1 <: i16) &. mk_i16 255 <: i16) <: u8 in + let r8:u8 = + ((cast ((v.[ mk_usize 6 ] <: i16) &. mk_i16 63 <: i16) <: u8) <>! mk_i32 9 <: i16) <: u8) + in + let r9:u8 = + ((cast ((v.[ mk_usize 7 ] <: i16) &. mk_i16 7 <: i16) <: u8) <>! mk_i32 6 <: i16) <: u8) + in + let r10:u8 = cast ((v.[ mk_usize 7 ] <: i16) >>! 
mk_i32 3 <: i16) <: u8 in + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + +let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = mk_usize 8; + Core.Ops.Range.f_end = mk_usize 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; + r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; + r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); + Rust_primitives.Hax.array_of_list 22 list + +let deserialize_11_int (bytes: t_Slice u8) = + let r0:i16 = + (((cast (bytes.[ mk_usize 1 ] <: u8) <: i16) &. mk_i16 7 <: i16) <>! mk_i32 3 <: i16) + in + let r2:i16 = + ((((cast (bytes.[ mk_usize 4 ] <: u8) <: i16) &. mk_i16 1 <: i16) <>! mk_i32 6 <: i16) + in + let r3:i16 = + (((cast (bytes.[ mk_usize 5 ] <: u8) <: i16) &. mk_i16 15 <: i16) <>! mk_i32 1 <: i16) + in + let r4:i16 = + (((cast (bytes.[ mk_usize 6 ] <: u8) <: i16) &. mk_i16 127 <: i16) <>! mk_i32 4 <: i16) + in + let r5:i16 = + ((((cast (bytes.[ mk_usize 8 ] <: u8) <: i16) &. mk_i16 3 <: i16) <>! mk_i32 7 <: i16) + in + let r6:i16 = + (((cast (bytes.[ mk_usize 9 ] <: u8) <: i16) &. mk_i16 31 <: i16) <>! mk_i32 2 <: i16) + in + let r7:i16 = + ((cast (bytes.[ mk_usize 10 ] <: u8) <: i16) <>! 
mk_i32 5 <: i16) + in + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 0; + Core.Ops.Range.f_end = mk_usize 11 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { + Core.Ops.Range.f_start = mk_usize 11; + Core.Ops.Range.f_end = mk_usize 22 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let serialize_12_int (v: t_Slice i16) = + let r0:u8 = cast ((v.[ mk_usize 0 ] <: i16) &. mk_i16 255 <: i16) <: u8 in + let r1:u8 = + cast (((v.[ mk_usize 0 ] <: i16) >>! mk_i32 8 <: i16) |. + (((v.[ mk_usize 1 ] <: i16) &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 255 <: i16) <: u8 in + r0, r1, r2 <: (u8 & u8 & u8) + +let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { Core.Ops.Range.f_start = mk_usize 0; 
@@ -961,7 +953,15 @@ let serialize_12_lemma inputs = #pop-options -let rec deserialize_12_ (bytes: t_Slice u8) = +let deserialize_12_int (bytes: t_Slice u8) = + let byte0:i16 = cast (bytes.[ mk_usize 0 ] <: u8) <: i16 in + let byte1:i16 = cast (bytes.[ mk_usize 1 ] <: u8) <: i16 in + let byte2:i16 = cast (bytes.[ mk_usize 2 ] <: u8) <: i16 in + let r0:i16 = ((byte1 &. mk_i16 15 <: i16) <>! mk_i32 4 <: i16) &. mk_i16 15 <: i16) in + r0, r1 <: (i16 & i16) + +let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = mk_usize 0; diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 059e4bb4e..b2b1e7f16 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti 
@@ -3,16 +3,52 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul +val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) + (ensures bit_vec_of_int_t_array (serialize_1_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) + +val deserialize_1_ (v: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 v <: usize) =. mk_usize 2) + (fun _ -> Prims.l_True) + +val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) + +val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_1_ inputs).f_elements i) 1) + val serialize_4_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) (fun _ -> Prims.l_True) +val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) + (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) + val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires (Core.Slice.impl__len #u8 bytes <: usize) =. 
mk_usize 4) (fun _ -> Prims.l_True) +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 8) + (fun _ -> Prims.l_True) + +val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4) + +val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) + val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) 
@@ -36,11 +72,29 @@ val serialize_10_int (v: t_Slice i16) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 4) (fun _ -> Prims.l_True) +val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) + (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) + val deserialize_10_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 10) (fun _ -> Prims.l_True) +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20) + (fun _ -> Prims.l_True) + +val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) + +val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10) + val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 8) 
@@ -64,65 +118,6 @@ val serialize_12_int (v: t_Slice i16)
 (requires (Core.Slice.impl__len #i16 v <: usize) =. mk_usize 2)
 (fun _ -> Prims.l_True)

-val deserialize_12_int (bytes: t_Slice u8)
- : Prims.Pure (i16 & i16)
- (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 3)
- (fun _ -> Prims.l_True)
-
-val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
- : Prims.Pure (t_Array u8 (mk_usize 2)) Prims.l_True (fun _ -> Prims.l_True)
-
-val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma
- (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1))
- (ensures bit_vec_of_int_t_array (serialize_1_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1)
-
-val deserialize_1_ (v: t_Slice u8)
- : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
- (requires (Core.Slice.impl__len #u8 v <: usize) =. mk_usize 2)
- (fun _ -> Prims.l_True)
-
-val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma
- (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8)
-
-val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma
- (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_1_ inputs).f_elements i) 1)
-
-val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
- : Prims.Pure (t_Array u8 (mk_usize 8)) Prims.l_True (fun _ -> Prims.l_True)
-
-val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma
- (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4))
- (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4)
-
-val deserialize_4_ (bytes: t_Slice u8)
- : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
- (requires (Core.Slice.impl__len #u8 bytes <: usize) =.
mk_usize 8)
- (fun _ -> Prims.l_True)
-
-val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma
- (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4)
-
-val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma
- (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8)
-
-val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
- : Prims.Pure (t_Array u8 (mk_usize 20)) Prims.l_True (fun _ -> Prims.l_True)
-
-val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma
- (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10))
- (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10)
-
-val deserialize_10_ (bytes: t_Slice u8)
- : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
- (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 20)
- (fun _ -> Prims.l_True)
-
-val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma
- (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8)
-
-val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma
- (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10)
-
 val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
 : Prims.Pure (t_Array u8 (mk_usize 24)) Prims.l_True (fun _ -> Prims.l_True)
@@ -130,6 +125,11 @@ val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por
 (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12))
 (ensures bit_vec_of_int_t_array (serialize_12_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12)

+val deserialize_12_int (bytes: t_Slice u8)
+ : Prims.Pure (i16 & i16)
+ (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 3)
+ (fun _ -> Prims.l_True)
+
 val deserialize_12_ (bytes: t_Slice u8)
 : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
 (requires (Core.Slice.impl__len #u8 bytes <: usize) =. mk_usize 24)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
index f23a5327e..43ae7e0b3 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
@@ -223,11 +223,11 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
 = (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Libcrux_ml_kem.Vector.Portable.Arithmetic.shift_right v_SHIFT_BY v);
- f_cond_subtract_3329_pre
+ f_cond_subtract_3329__pre
 = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr v));
- f_cond_subtract_3329_post
+ f_cond_subtract_3329__post
 = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
@@ -271,12 +271,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) -> Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_by_constant v r); - f_compress_1_pre + f_compress_1__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> forall (i: nat). i < 16 ==> v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329); - f_compress_1_post + f_compress_1__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -531,11 +531,11 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) -> Libcrux_ml_kem.Vector.Portable.Ntt.ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); - f_serialize_1_pre + f_serialize_1__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr a)); - f_serialize_1_post + f_serialize_1__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -546,19 +546,19 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a); - f_deserialize_1_pre + f_deserialize_1__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2); - f_deserialize_1_post + f_deserialize_1__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)); f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a); - f_serialize_4_pre + f_serialize_4__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr a)); - f_serialize_4_post + f_serialize_4__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -569,18 +569,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a); - f_deserialize_4_pre + f_deserialize_4__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8); - f_deserialize_4_post + f_deserialize_4__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)); f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a); - f_serialize_5_pre + f_serialize_5__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_serialize_5_post + f_serialize_5__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -590,18 +590,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_5_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a); - f_deserialize_5_pre + f_deserialize_5__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10); - f_deserialize_5_post + f_deserialize_5__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a); - f_serialize_10_pre + f_serialize_10__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr a)); - f_serialize_10_post + f_serialize_10__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -612,18 +612,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a); - f_deserialize_10_pre + f_deserialize_10__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20); - f_deserialize_10_post + f_deserialize_10__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)); f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a); - f_serialize_11_pre + f_serialize_11__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_serialize_11_post + f_serialize_11__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -633,18 +633,18 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_11_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a); - f_deserialize_11_pre + f_deserialize_11__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 22); - f_deserialize_11_post + f_deserialize_11__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a); - f_serialize_12_pre + f_serialize_12__pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr a)); - f_serialize_12_post + f_serialize_12__post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) 
@@ -655,10 +655,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a); - f_deserialize_12_pre + f_deserialize_12__pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24); - f_deserialize_12_post + f_deserialize_12__post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index ed03c1db0..98c7d8830 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -125,9 +125,9 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); - f_cond_subtract_3329_pre:v: v_Self + f_cond_subtract_3329__pre:v: v_Self -> pred: Type0{Spec.Utils.is_i16b_array (pow2 12 - 1) (f_repr v) ==> pred}; - f_cond_subtract_3329_post:v: v_Self -> result: v_Self + f_cond_subtract_3329__post:v: v_Self -> result: v_Self -> pred: Type0 { pred ==> @@ -136,8 +136,8 @@ class t_Operations (v_Self: Type0) = { (f_repr v) }; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self - (f_cond_subtract_3329_pre x0) - (fun result -> f_cond_subtract_3329_post x0 result); + (f_cond_subtract_3329__pre x0) + (fun result -> f_cond_subtract_3329__post x0 result); f_barrett_reduce_pre:vector: v_Self -> pred: Type0{Spec.Utils.is_i16b_array 28296 (f_repr vector) ==> pred}; f_barrett_reduce_post:v_Self -> v_Self -> Type0; 
@@ -150,16 +150,16 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:a: v_Self + f_compress_1__pre:a: v_Self -> pred: Type0 { (forall (i: nat). i < 16 ==> v (Seq.index (f_repr a) i) >= 0 /\ v (Seq.index (f_repr a) i) < 3329) ==> pred }; - f_compress_1_post:a: v_Self -> result: v_Self + f_compress_1__post:a: v_Self -> result: v_Self -> pred: Type0{pred ==> (forall (i: nat). i < 16 ==> bounded (Seq.index (f_repr result) i) 1)}; f_compress_1_:x0: v_Self - -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); + -> Prims.Pure v_Self (f_compress_1__pre x0) (fun result -> f_compress_1__post x0 result); f_compress_pre:v_COEFFICIENT_BITS: i32 -> a: v_Self -> pred: Type0 
@@ -303,53 +303,53 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; - f_serialize_1_post:a: v_Self -> result: t_Array u8 (mk_usize 2) + f_serialize_1__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; + f_serialize_1__post:a: v_Self -> result: t_Array u8 (mk_usize 2) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 1 (f_repr a) ==> Spec.MLKEM.serialize_post 1 (f_repr a) result }; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 2)) - (f_serialize_1_pre x0) - (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:a: t_Slice u8 + (f_serialize_1__pre x0) + (fun result -> f_serialize_1__post x0 result); + f_deserialize_1__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 2 ==> pred}; - f_deserialize_1_post:a: t_Slice u8 -> result: v_Self + f_deserialize_1__post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. 
sz 2 ==> Spec.MLKEM.deserialize_post 1 a (f_repr result)}; f_deserialize_1_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; - f_serialize_4_post:a: v_Self -> result: t_Array u8 (mk_usize 8) + -> Prims.Pure v_Self (f_deserialize_1__pre x0) (fun result -> f_deserialize_1__post x0 result); + f_serialize_4__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; + f_serialize_4__post:a: v_Self -> result: t_Array u8 (mk_usize 8) -> pred: Type0 { pred ==> Spec.MLKEM.serialize_pre 4 (f_repr a) ==> Spec.MLKEM.serialize_post 4 (f_repr a) result }; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 8)) - (f_serialize_4_pre x0) - (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:a: t_Slice u8 + (f_serialize_4__pre x0) + (fun result -> f_serialize_4__post x0 result); + f_deserialize_4__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 8 ==> pred}; - f_deserialize_4_post:a: t_Slice u8 -> result: v_Self + f_deserialize_4__post:a: t_Slice u8 -> result: v_Self -> pred: Type0{pred ==> sz (Seq.length a) =. 
sz 8 ==> Spec.MLKEM.deserialize_post 4 a (f_repr result)}; f_deserialize_4_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:v_Self -> Type0; - f_serialize_5_post:v_Self -> t_Array u8 (mk_usize 10) -> Type0; + -> Prims.Pure v_Self (f_deserialize_4__pre x0) (fun result -> f_deserialize_4__post x0 result); + f_serialize_5__pre:v_Self -> Type0; + f_serialize_5__post:v_Self -> t_Array u8 (mk_usize 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 10)) - (f_serialize_5_pre x0) - (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:a: t_Slice u8 + (f_serialize_5__pre x0) + (fun result -> f_serialize_5__post x0 result); + f_deserialize_5__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 10 ==> pred}; - f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_5__post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; - f_serialize_10_post:a: v_Self -> result: t_Array u8 (mk_usize 20) + -> Prims.Pure v_Self (f_deserialize_5__pre x0) (fun result -> f_deserialize_5__post x0 result); + f_serialize_10__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; + f_serialize_10__post:a: v_Self -> result: t_Array u8 (mk_usize 20) -> pred: Type0 { pred ==> 
@@ -357,29 +357,29 @@ class t_Operations (v_Self: Type0) = { }; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 20)) - (f_serialize_10_pre x0) - (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:a: t_Slice u8 + (f_serialize_10__pre x0) + (fun result -> f_serialize_10__post x0 result); + f_deserialize_10__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 20 ==> pred}; - f_deserialize_10_post:a: t_Slice u8 -> result: v_Self + f_deserialize_10__post:a: t_Slice u8 -> result: v_Self -> pred: Type0 {pred ==> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (f_repr result)}; f_deserialize_10_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:v_Self -> Type0; - f_serialize_11_post:v_Self -> t_Array u8 (mk_usize 22) -> Type0; + -> Prims.Pure v_Self (f_deserialize_10__pre x0) (fun result -> f_deserialize_10__post x0 result); + f_serialize_11__pre:v_Self -> Type0; + f_serialize_11__post:v_Self -> t_Array u8 (mk_usize 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 22)) - (f_serialize_11_pre x0) - (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:a: t_Slice u8 + (f_serialize_11__pre x0) + (fun result -> f_serialize_11__post x0 result); + f_deserialize_11__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. 
mk_usize 22 ==> pred}; - f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_11__post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; - f_serialize_12_post:a: v_Self -> result: t_Array u8 (mk_usize 24) + -> Prims.Pure v_Self (f_deserialize_11__pre x0) (fun result -> f_deserialize_11__post x0 result); + f_serialize_12__pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; + f_serialize_12__post:a: v_Self -> result: t_Array u8 (mk_usize 24) -> pred: Type0 { pred ==> @@ -387,16 +387,16 @@ class t_Operations (v_Self: Type0) = { }; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (mk_usize 24)) - (f_serialize_12_pre x0) - (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:a: t_Slice u8 + (f_serialize_12__pre x0) + (fun result -> f_serialize_12__post x0 result); + f_deserialize_12__pre:a: t_Slice u8 -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. mk_usize 24 ==> pred}; - f_deserialize_12_post:a: t_Slice u8 -> result: v_Self + f_deserialize_12__post:a: t_Slice u8 -> result: v_Self -> pred: Type0 {pred ==> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (f_repr result)}; f_deserialize_12_:x0: t_Slice u8 - -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); + -> Prims.Pure v_Self (f_deserialize_12__pre x0) (fun result -> f_deserialize_12__post x0 result); f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0