From fa63aeb09ab43f2033c79105535904a1edf1b200 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 10 Oct 2024 06:01:18 +0000 Subject: [PATCH 01/17] expose serialize secret key for unpacked keys --- libcrux-ml-kem/src/ind_cca.rs | 96 ++++++++++++++++++++++++++------- libcrux-ml-kem/src/ind_cpa.rs | 21 ++++++++ libcrux-ml-kem/src/mlkem1024.rs | 2 +- libcrux-ml-kem/src/mlkem512.rs | 2 +- libcrux-ml-kem/src/mlkem768.rs | 7 ++- 5 files changed, 106 insertions(+), 22 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index b905b706f..714e45c23 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -35,21 +35,41 @@ pub(crate) mod instantiations; /// Serialize the secret key. #[inline(always)] -fn serialize_kem_secret_key>( +fn serialize_kem_secret_key_mut< + const K: usize, + const SERIALIZED_KEY_LEN: usize, + Hasher: Hash, +>( private_key: &[u8], public_key: &[u8], implicit_rejection_value: &[u8], -) -> [u8; SERIALIZED_KEY_LEN] { - let mut out = [0u8; SERIALIZED_KEY_LEN]; + serialized: &mut [u8; SERIALIZED_KEY_LEN], +) { let mut pointer = 0; - out[pointer..pointer + private_key.len()].copy_from_slice(private_key); + serialized[pointer..pointer + private_key.len()].copy_from_slice(private_key); pointer += private_key.len(); - out[pointer..pointer + public_key.len()].copy_from_slice(public_key); + serialized[pointer..pointer + public_key.len()].copy_from_slice(public_key); pointer += public_key.len(); - out[pointer..pointer + H_DIGEST_SIZE].copy_from_slice(&Hasher::H(public_key)); + serialized[pointer..pointer + H_DIGEST_SIZE].copy_from_slice(&Hasher::H(public_key)); pointer += H_DIGEST_SIZE; - out[pointer..pointer + implicit_rejection_value.len()] + serialized[pointer..pointer + implicit_rejection_value.len()] .copy_from_slice(implicit_rejection_value); +} + +/// Serialize the secret key. +#[inline(always)] +fn serialize_kem_secret_key>( + private_key: &[u8], + public_key: &[u8], + implicit_rejection_value: &[u8], +) -> [u8; SERIALIZED_KEY_LEN] { + let mut out = [0u8; SERIALIZED_KEY_LEN]; + serialize_kem_secret_key_mut::( + private_key, + public_key, + implicit_rejection_value, + &mut out, + ); out } @@ -285,7 +305,8 @@ pub(crate) mod unpacked { constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, }, - ind_cpa::{generate_keypair_unpacked, serialize_public_key_mut, unpacked::*}, + hash_functions::portable::PortableHash, + ind_cpa::{self, generate_keypair_unpacked, serialize_public_key_mut, unpacked::*}, matrix::sample_matrix_A, polynomial::PolynomialRingElement, serialize::deserialize_ring_elements_reduced, @@ -293,6 +314,7 @@ pub(crate) mod unpacked { }; /// An unpacked ML-KEM IND-CCA Private Key + #[derive(Clone)] pub struct MlKemPrivateKeyUnpacked { pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, pub(crate) implicit_rejection_value: [u8; 32], @@ -341,7 +363,7 @@ pub(crate) mod unpacked { impl MlKemPublicKeyUnpacked { /// Get the serialized public key. #[inline(always)] - pub fn serialized_public_key_mut< + pub fn serialized_mut< const RANKED_BYTES_PER_RING_ELEMENT: usize, const PUBLIC_KEY_SIZE: usize, >( @@ -357,7 +379,7 @@ pub(crate) mod unpacked { /// Get the serialized public key. #[inline(always)] - pub fn serialized_public_key< + pub fn serialized< const RANKED_BYTES_PER_RING_ELEMENT: usize, const PUBLIC_KEY_SIZE: usize, >( @@ -398,9 +420,7 @@ pub(crate) mod unpacked { serialized: &mut MlKemPublicKey, ) { self.public_key - .serialized_public_key_mut::( - serialized, - ) + .serialized_mut::(serialized) } /// Get the serialized public key. @@ -412,7 +432,7 @@ pub(crate) mod unpacked { &self, ) -> MlKemPublicKey { self.public_key - .serialized_public_key::() + .serialized::() } /// Get the serialized public key. @@ -428,8 +448,46 @@ pub(crate) mod unpacked { } /// Get the serialized private key. - pub fn serialized_private_key(&self) -> MlKemPrivateKey { - todo!() + #[inline(always)] + pub fn serialized_private_key_mut< + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + >( + &self, + serialized: &mut MlKemPrivateKey, + ) { + let (pk, sk) = ind_cpa::serialize_unpacked_secret_key::< + K, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + RANKED_BYTES_PER_RING_ELEMENT, + Vector, + >( + self.public_key.ind_cpa_public_key.clone(), + self.private_key.ind_cpa_private_key.clone(), + ); + + serialize_kem_secret_key_mut::>( + &sk, + &pk, + &self.private_key.implicit_rejection_value, + &mut serialized.value, + ); + } + + /// Get the serialized private key. + #[inline(always)] + pub fn serialized_private_key< + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + >( + &self, + ) -> MlKemPrivateKey { + let mut sk = MlKemPrivateKey::default(); + self.serialized_private_key_mut::(&mut sk); + sk } } @@ -524,7 +582,7 @@ pub(crate) mod unpacked { let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); - let ciphertext = crate::ind_cpa::encrypt_unpacked::< + let ciphertext = ind_cpa::encrypt_unpacked::< K, CIPHERTEXT_SIZE, T_AS_NTT_ENCODED_SIZE, @@ -569,7 +627,7 @@ pub(crate) mod unpacked { key_pair: &MlKemKeyPairUnpacked, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - let decrypted = crate::ind_cpa::decrypt_unpacked::< + let decrypted = ind_cpa::decrypt_unpacked::< K, CIPHERTEXT_SIZE, C1_SIZE, @@ -589,7 +647,7 @@ pub(crate) mod unpacked { to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); - let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< + let expected_ciphertext = ind_cpa::encrypt_unpacked::< K, CIPHERTEXT_SIZE, T_AS_NTT_ENCODED_SIZE, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 5a2367195..e871c6964 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -26,6 +26,7 @@ pub mod unpacked { use crate::{polynomial::PolynomialRingElement, vector::traits::Operations}; /// An unpacked ML-KEM IND-CPA Private Key + #[derive(Clone)] pub(crate) struct IndCpaPrivateKeyUnpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } @@ -295,6 +296,26 @@ pub(crate) fn generate_keypair< &mut public_key, ); + serialize_unpacked_secret_key::< + K, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + RANKED_BYTES_PER_RING_ELEMENT, + Vector, + >(public_key, private_key) +} + +/// Serialize the secret key from the unpacked key pair generation. +pub(crate) fn serialize_unpacked_secret_key< + const K: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + Vector: Operations, +>( + public_key: IndCpaPublicKeyUnpacked, + private_key: IndCpaPrivateKeyUnpacked, +) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = serialize_public_key::( diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 3b3484b04..0eb9e31b3 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -247,7 +247,7 @@ macro_rules! instantiate { public_key: &MlKem1024PublicKeyUnpacked, serialized: &mut MlKem1024PublicKey, ) { - public_key.serialized_public_key_mut::< + public_key.serialized_mut::< RANKED_BYTES_PER_RING_ELEMENT_1024, CPA_PKE_PUBLIC_KEY_SIZE_1024, >(serialized); diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index c6fa31997..9cac84f8f 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -244,7 +244,7 @@ macro_rules! instantiate { public_key: &MlKem512PublicKeyUnpacked, serialized: &mut MlKem512PublicKey ) { - public_key.serialized_public_key_mut::< + public_key.serialized_mut::< RANKED_BYTES_PER_RING_ELEMENT_512, CPA_PKE_PUBLIC_KEY_SIZE_512 >(serialized) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index bdc5c78f7..908a275d9 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -243,7 +243,12 @@ macro_rules! instantiate { /// Get the serialized public key. pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked, serialized : &mut MlKem768PublicKey) { - public_key.serialized_public_key_mut::(serialized); + public_key.serialized_mut::(serialized); + } + + /// Get the serialized private key. + pub fn key_pair_serialized_private_key(key_pair: &MlKem768KeyPairUnpacked, serialized : &mut MlKem768PrivateKey) { + key_pair.serialized_private_key_mut::(serialized); } /// Get the serialized public key. From 75e282cbd9d989f980f36a2a321327b706233efa Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 10 Oct 2024 06:01:34 +0000 Subject: [PATCH 02/17] re-extracted C code --- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 378 ++++++++++++----- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 381 +++++++++++++----- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 9 files changed, 562 insertions(+), 211 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 4add81599..969269f17 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee +Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index a96bbfd12..057b1a127 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 6e3aafe81..957aac950 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index fb858b7f6..d1435d91b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_mlkem768_avx2_H @@ -5550,26 +5550,22 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ed( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 - RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab(); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22( - key_generation_seed, &private_key, &public_key); +libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key) { uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ @@ -5600,23 +5596,48 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) { return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_ab(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22( + key_generation_seed, &private_key, &public_key); + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(public_key, + private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae( +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_ae( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -5625,7 +5646,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -5635,13 +5656,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_e0(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_e0(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -5650,6 +5672,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ae( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_ae( + private_key, public_key, implicit_rejection_value, out); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -6203,34 +6244,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb0( libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220( key_generation_seed, &private_key, &public_key); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ - mod^{+}q) || ρ) */ - public_key.t_as_ntt, - Eurydice_array_to_slice( - (size_t)32U, - public_key.seed_for_A, - uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q) - */ - private_key.secret_as_ntt, - secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(public_key, + private_key); } /** @@ -7085,6 +7100,203 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { return libcrux_ml_kem_ind_cca_unpacked_default_1c_ab(); } +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 +libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U])); + return lit; +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 2400 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ed0( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key, + uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + } + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_55 libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c0( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key) { + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ + mod^{+}q) || ρ) */ + public_key.t_as_ntt, + Eurydice_array_to_slice( + (size_t)32U, + public_key.seed_for_A, + uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ed0(/* sk := Encode_12(sˆ + mod^{+}q) */ + private_key.secret_as_ntt, + secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + tuple_55 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@2])#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_2c +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 +libcrux_ml_kem_ind_cpa_unpacked_clone_2c_ab( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *self) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 lit; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->secret_as_ntt, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6, void *); + memcpy( + lit.secret_as_ntt, ret, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + return lit; +} + +/** + Get the serialized private key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_de with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_8c( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 uu____0 = + libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab( + &self->public_key.ind_cpa_public_key); + tuple_55 uu____1 = libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c0( + uu____0, libcrux_ml_kem_ind_cpa_unpacked_clone_2c_ab( + &self->private_key.ind_cpa_private_key)); + uint8_t pk[2400U]; + memcpy(pk, uu____1.fst, (size_t)2400U * sizeof(uint8_t)); + uint8_t sk[1184U]; + memcpy(sk, uu____1.snd, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( + Eurydice_array_to_slice((size_t)1184U, sk, uint8_t), + Eurydice_array_to_slice((size_t)2400U, pk, uint8_t), + Eurydice_array_to_slice( + (size_t)32U, self->private_key.implicit_rejection_value, uint8_t), + serialized->value); +} + +/** + Get the serialized private key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_private_key( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_8c(key_pair, + serialized); +} + /** Get the serialized public key. */ @@ -7094,16 +7306,16 @@ This function found in impl K>[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_mut_dd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed( +libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_ed( @@ -7134,8 +7346,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_ed( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed( - &self->public_key, serialized); + libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_ed(&self->public_key, + serialized); } /** @@ -7150,61 +7362,24 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( serialized); } -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ab( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->t_as_ntt, uu____0, - libcrux_ml_kem_polynomial_PolynomialRingElement_f6, void *); - uint8_t uu____1[32U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 lit; - memcpy( - lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); - memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U][3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->A, ret, - libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U], void *); - memcpy(lit.A, ret, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U])); - return lit; -} - /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@0, TraitClause@2])#5} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_9e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 -libcrux_ml_kem_ind_cca_unpacked_clone_28_ab( +libcrux_ml_kem_ind_cca_unpacked_clone_9e_ab( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ab(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7241,7 +7416,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_ab( + libcrux_ml_kem_ind_cca_unpacked_clone_9e_ab( libcrux_ml_kem_ind_cca_unpacked_public_key_de_ab(key_pair)); pk[0U] = uu____0; } @@ -7253,8 +7428,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_ed(public_key, - serialized); + libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_ed(public_key, serialized); } /** diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index dc7c6c8bc..2981e3f5e 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 09cc26c43..6677f138c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_mlkem768_portable_H @@ -5980,25 +5980,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_6c( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_MlKem with const generics + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 - RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b(); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( - key_generation_seed, &private_key, &public_key); +libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key) { uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ @@ -6029,22 +6025,46 @@ libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) { return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_1b(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( + key_generation_seed, &private_key, &public_key); + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(public_key, + private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -6053,7 +6073,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -6063,13 +6083,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_e0(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_portable_H_f1_e0(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -6078,6 +6099,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( + private_key, public_key, implicit_rejection_value, out); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -6620,34 +6659,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_150( libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0( key_generation_seed, &private_key, &public_key); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ - mod^{+}q) || ρ) */ - public_key.t_as_ntt, - Eurydice_array_to_slice( - (size_t)32U, - public_key.seed_for_A, - uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q) - */ - private_key.secret_as_ntt, - secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(public_key, + private_key); } /** @@ -7483,6 +7496,207 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { return libcrux_ml_kem_ind_cca_unpacked_default_1c_1b(); } +/** +A monomorphic instance of K. +with types uint8_t[2400size_t], uint8_t[1184size_t] + +*/ +typedef struct tuple_55_s { + uint8_t fst[2400U]; + uint8_t snd[1184U]; +} tuple_55; + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + return lit; +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- OUT_LEN= 2400 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_890( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key, + uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8c(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + } + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +*/ +static inline tuple_55 libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_430( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key) { + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ + mod^{+}q) || ρ) */ + public_key.t_as_ntt, + Eurydice_array_to_slice( + (size_t)32U, + public_key.seed_for_A, + uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_890(/* sk := Encode_12(sˆ + mod^{+}q) */ + private_key.secret_as_ntt, + secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + tuple_55 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@2])#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_2c +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_clone_2c_1b( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *self) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->secret_as_ntt, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *); + memcpy( + lit.secret_as_ntt, ret, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + return lit; +} + +/** + Get the serialized private key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_de with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_43( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____0 = + libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b( + &self->public_key.ind_cpa_public_key); + tuple_55 uu____1 = libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_430( + uu____0, libcrux_ml_kem_ind_cpa_unpacked_clone_2c_1b( + &self->private_key.ind_cpa_private_key)); + uint8_t pk[2400U]; + memcpy(pk, uu____1.fst, (size_t)2400U * sizeof(uint8_t)); + uint8_t sk[1184U]; + memcpy(sk, uu____1.snd, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( + Eurydice_array_to_slice((size_t)1184U, sk, uint8_t), + Eurydice_array_to_slice((size_t)2400U, pk, uint8_t), + Eurydice_array_to_slice( + (size_t)32U, self->private_key.implicit_rejection_value, uint8_t), + serialized->value); +} + +/** + Get the serialized private key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_43(key_pair, + serialized); +} + /** Get the serialized public key. */ @@ -7492,15 +7706,15 @@ This function found in impl K>[TraitClause@0, TraitClause@1]} */ /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_mut_dd +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c( +libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_6c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( @@ -7530,8 +7744,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6c( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c( - &self->public_key, serialized); + libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_6c(&self->public_key, + serialized); } /** @@ -7545,59 +7759,23 @@ libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( serialized); } -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_1b( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->t_as_ntt, uu____0, - libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *); - uint8_t uu____1[32U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; - memcpy( - lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); - memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->A, ret, - libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *); - memcpy(lit.A, ret, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); - return lit; -} - /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@0, TraitClause@2])#5} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_9e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_1b( +libcrux_ml_kem_ind_cca_unpacked_clone_9e_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_1b(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7632,7 +7810,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_1b( + libcrux_ml_kem_ind_cca_unpacked_clone_9e_1b( libcrux_ml_kem_ind_cca_unpacked_public_key_de_1b(key_pair)); pk[0U] = uu____0; } @@ -7644,8 +7822,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_6c(public_key, - serialized); + libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_6c(public_key, serialized); } /** diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index c1358b125..0c9798ee7 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 992d864dc..b32777454 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index a0cb21cf0..927dfed6c 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 897008ee57eed9e4574222a5e96d306ce203ecee + * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f */ #ifndef __libcrux_sha3_portable_H From 764d9d62e64cf9c9942b26057245b87e9e4b722d Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 10 Oct 2024 13:55:09 +0000 Subject: [PATCH 03/17] wip --- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 229 +++++------------ .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 234 +++++------------- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- libcrux-ml-kem/src/ind_cca.rs | 16 +- libcrux-ml-kem/src/ind_cpa.rs | 6 +- libcrux-ml-kem/src/mlkem1024.rs | 5 + libcrux-ml-kem/src/mlkem512.rs | 5 + libcrux-ml-kem/src/mlkem768.rs | 2 +- libcrux-ml-kem/tests/self.rs | 9 + 15 files changed, 158 insertions(+), 362 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 969269f17..cb9376a2c 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f +Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 057b1a127..cab1abb8c 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f + * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 957aac950..6c6feaf4c 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f + * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d1435d91b..ecbf914f8 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 9f0de7fd00e15b176df131372174fa44e09d8b8f + * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa */ #ifndef __libcrux_mlkem768_avx2_H @@ -5564,21 +5564,21 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key, - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key) { uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ - public_key.t_as_ntt, + public_key->t_as_ntt, Eurydice_array_to_slice( (size_t)32U, - public_key.seed_for_A, + public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q) */ - private_key.secret_as_ntt, + private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5617,8 +5617,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22( key_generation_seed, &private_key, &public_key); - return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(public_key, - private_key); + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(&public_key, + &private_key); } /** @@ -6244,8 +6244,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_bb0( libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220( key_generation_seed, &private_key, &public_key); - return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(public_key, - private_key); + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c(&public_key, + &private_key); } /** @@ -7100,151 +7100,6 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { return libcrux_ml_kem_ind_cca_unpacked_default_1c_ab(); } -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 -libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->t_as_ntt, uu____0, - libcrux_ml_kem_polynomial_PolynomialRingElement_f6, void *); - uint8_t uu____1[32U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 lit; - memcpy( - lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); - memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U][3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->A, ret, - libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U], void *); - memcpy(lit.A, ret, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U])); - return lit; -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 2400 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ed0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key, - uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f6), - libcrux_ml_kem_polynomial_PolynomialRingElement_f6); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); - } - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** - Serialize the secret key from the unpacked key pair generation. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_55 libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 public_key, - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 private_key) { - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ - mod^{+}q) || ρ) */ - public_key.t_as_ntt, - Eurydice_array_to_slice( - (size_t)32U, - public_key.seed_for_A, - uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ed0(/* sk := Encode_12(sˆ - mod^{+}q) */ - private_key.secret_as_ntt, - secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - tuple_55 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@2])#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_2c -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 -libcrux_ml_kem_ind_cpa_unpacked_clone_2c_ab( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *self) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 lit; - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->secret_as_ntt, ret, - libcrux_ml_kem_polynomial_PolynomialRingElement_f6, void *); - memcpy( - lit.secret_as_ntt, ret, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); - return lit; -} - /** Get the serialized private key. */ @@ -7258,28 +7113,27 @@ A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_de with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 - RANKED_BYTES_PER_RING_ELEMENT= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_8c( +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_2f( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 uu____0 = - libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab( - &self->public_key.ind_cpa_public_key); - tuple_55 uu____1 = libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c0( - uu____0, libcrux_ml_kem_ind_cpa_unpacked_clone_2c_ab( - &self->private_key.ind_cpa_private_key)); - uint8_t pk[2400U]; - memcpy(pk, uu____1.fst, (size_t)2400U * sizeof(uint8_t)); - uint8_t sk[1184U]; - memcpy(sk, uu____1.snd, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c( + &self->public_key.ind_cpa_public_key, + &self->private_key.ind_cpa_private_key); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t ind_cpa_public_key[1184U]; + memcpy(ind_cpa_public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( - Eurydice_array_to_slice((size_t)1184U, sk, uint8_t), - Eurydice_array_to_slice((size_t)2400U, pk, uint8_t), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, ind_cpa_public_key, uint8_t), Eurydice_array_to_slice( (size_t)32U, self->private_key.implicit_rejection_value, uint8_t), serialized->value); @@ -7293,7 +7147,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_private_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_8c(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_2f(key_pair, serialized); } @@ -7362,6 +7216,43 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( serialized); } +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 +libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U])); + return lit; +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpackedt_as_ntt, Eurydice_array_to_slice( (size_t)32U, - public_key.seed_for_A, + public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q) */ - private_key.secret_as_ntt, + private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6045,8 +6045,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_15(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( key_generation_seed, &private_key, &public_key); - return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(public_key, - private_key); + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(&public_key, + &private_key); } /** @@ -6659,8 +6659,8 @@ libcrux_ml_kem_ind_cpa_generate_keypair_150( libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0( key_generation_seed, &private_key, &public_key); - return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(public_key, - private_key); + return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43(&public_key, + &private_key); } /** @@ -7496,157 +7496,6 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { return libcrux_ml_kem_ind_cca_unpacked_default_1c_1b(); } -/** -A monomorphic instance of K. -with types uint8_t[2400size_t], uint8_t[1184size_t] - -*/ -typedef struct tuple_55_s { - uint8_t fst[2400U]; - uint8_t snd[1184U]; -} tuple_55; - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->t_as_ntt, uu____0, - libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *); - uint8_t uu____1[32U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; - memcpy( - lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); - memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->A, ret, - libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *); - memcpy(lit.A, ret, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); - return lit; -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -- OUT_LEN= 2400 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_890( - libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key, - uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1d), - libcrux_ml_kem_polynomial_PolynomialRingElement_1d); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8c(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); - } - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** - Serialize the secret key from the unpacked key pair generation. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -*/ -static inline tuple_55 libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_430( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key, - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key) { - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ - mod^{+}q) || ρ) */ - public_key.t_as_ntt, - Eurydice_array_to_slice( - (size_t)32U, - public_key.seed_for_A, - uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_890(/* sk := Encode_12(sˆ - mod^{+}q) */ - private_key.secret_as_ntt, - secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - tuple_55 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@2])#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_2c -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_2c_1b( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *self) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3U, self->secret_as_ntt, ret, - libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *); - memcpy( - lit.secret_as_ntt, ret, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); - return lit; -} - /** Get the serialized private key. */ @@ -7660,27 +7509,26 @@ A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_de with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 - RANKED_BYTES_PER_RING_ELEMENT= 1152 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_43( +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_42( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b( - &self->public_key.ind_cpa_public_key); - tuple_55 uu____1 = libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_430( - uu____0, libcrux_ml_kem_ind_cpa_unpacked_clone_2c_1b( - &self->private_key.ind_cpa_private_key)); - uint8_t pk[2400U]; - memcpy(pk, uu____1.fst, (size_t)2400U * sizeof(uint8_t)); - uint8_t sk[1184U]; - memcpy(sk, uu____1.snd, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43( + &self->public_key.ind_cpa_public_key, + &self->private_key.ind_cpa_private_key); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t ind_cpa_public_key[1184U]; + memcpy(ind_cpa_public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( - Eurydice_array_to_slice((size_t)1184U, sk, uint8_t), - Eurydice_array_to_slice((size_t)2400U, pk, uint8_t), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, ind_cpa_public_key, uint8_t), Eurydice_array_to_slice( (size_t)32U, self->private_key.implicit_rejection_value, uint8_t), serialized->value); @@ -7693,7 +7541,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_43(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_42(key_pair, serialized); } @@ -7759,6 +7607,42 @@ libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( serialized); } +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); + return lit; +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked, ) { - let (pk, sk) = ind_cpa::serialize_unpacked_secret_key::< + let (ind_cpa_private_key, ind_cpa_public_key) = ind_cpa::serialize_unpacked_secret_key::< K, - PRIVATE_KEY_SIZE, + CPA_PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, RANKED_BYTES_PER_RING_ELEMENT, Vector, >( - self.public_key.ind_cpa_public_key.clone(), - self.private_key.ind_cpa_private_key.clone(), + &self.public_key.ind_cpa_public_key, + &self.private_key.ind_cpa_private_key, ); serialize_kem_secret_key_mut::>( - &sk, - &pk, + &ind_cpa_private_key, + &ind_cpa_public_key, &self.private_key.implicit_rejection_value, &mut serialized.value, ); @@ -479,6 +480,7 @@ pub(crate) mod unpacked { /// Get the serialized private key. #[inline(always)] pub fn serialized_private_key< + const CPA_PRIVATE_KEY_SIZE: usize, const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -486,7 +488,7 @@ pub(crate) mod unpacked { &self, ) -> MlKemPrivateKey { let mut sk = MlKemPrivateKey::default(); - self.serialized_private_key_mut::(&mut sk); + self.serialized_private_key_mut::(&mut sk); sk } } diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index e871c6964..f9e81a52c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -302,7 +302,7 @@ pub(crate) fn generate_keypair< PUBLIC_KEY_SIZE, RANKED_BYTES_PER_RING_ELEMENT, Vector, - >(public_key, private_key) + >(&public_key, &private_key) } /// Serialize the secret key from the unpacked key pair generation. @@ -313,8 +313,8 @@ pub(crate) fn serialize_unpacked_secret_key< const RANKED_BYTES_PER_RING_ELEMENT: usize, Vector: Operations, >( - public_key: IndCpaPublicKeyUnpacked, - private_key: IndCpaPrivateKeyUnpacked, + public_key: &IndCpaPublicKeyUnpacked, + private_key: &IndCpaPrivateKeyUnpacked, ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 0eb9e31b3..193f08ed9 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -253,6 +253,11 @@ macro_rules! instantiate { >(serialized); } + /// Get the serialized private key. + pub fn key_pair_serialized_private_key(key_pair: &MlKem1024KeyPairUnpacked, serialized : &mut MlKem1024PrivateKey) { + key_pair.serialized_private_key_mut::(serialized); + } + /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem1024PublicKey, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 9cac84f8f..f9777825c 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -250,6 +250,11 @@ macro_rules! instantiate { >(serialized) } + /// Get the serialized private key. + pub fn key_pair_serialized_private_key(key_pair: &MlKem512KeyPairUnpacked, serialized : &mut MlKem512PrivateKey) { + key_pair.serialized_private_key_mut::(serialized); + } + /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem512PublicKey, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 908a275d9..6ebe30ece 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -248,7 +248,7 @@ macro_rules! instantiate { /// Get the serialized private key. pub fn key_pair_serialized_private_key(key_pair: &MlKem768KeyPairUnpacked, serialized : &mut MlKem768PrivateKey) { - key_pair.serialized_private_key_mut::(serialized); + key_pair.serialized_private_key_mut::(serialized); } /// Get the serialized public key. diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index ebffcc0b2..849451b42 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -69,6 +69,15 @@ macro_rules! impl_consistency_unpacked { serialized_public_key.as_slice(), key_pair.public_key().as_slice() ); + let mut serialized_private_key = Default::default(); + p::unpacked::key_pair_serialized_private_key( + &key_pair_unpacked, + &mut serialized_private_key, + ); + assert_eq!( + serialized_private_key.as_slice(), + key_pair.private_key().as_slice() + ); let randomness = random_array(); let (ciphertext, shared_secret) = p::encapsulate(key_pair.public_key(), randomness); From 1bc56db049fc08122a8ebcbf182b857d83478f4c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 10 Oct 2024 18:06:33 +0000 Subject: [PATCH 04/17] better apis and tests --- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2435 ++++++++++++++++- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 124 +- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 121 +- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- libcrux-ml-kem/src/ind_cca.rs | 10 +- libcrux-ml-kem/src/mlkem1024.rs | 28 +- libcrux-ml-kem/src/mlkem512.rs | 28 +- libcrux-ml-kem/src/mlkem768.rs | 23 +- libcrux-ml-kem/tests/nistkats.rs | 14 + 14 files changed, 2762 insertions(+), 33 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index cb9376a2c..aa7ba1844 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa +Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index cab1abb8c..5b11a486b 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_core_H @@ -209,6 +209,2430 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_9e( memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $2400size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey_d9; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::types::MlKemPrivateKey)#8} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.default_9e +with const generics +- SIZE= 2400 +*/ +static inline libcrux_ml_kem_types_MlKemPrivateKey_d9 +libcrux_ml_kem_types_default_9e_28(void) { + libcrux_ml_kem_types_MlKemPrivateKey_d9 lit; + lit.value[0U] = 0U; + lit.value[1U] = 0U; + lit.value[2U] = 0U; + lit.value[3U] = 0U; + lit.value[4U] = 0U; + lit.value[5U] = 0U; + lit.value[6U] = 0U; + lit.value[7U] = 0U; + lit.value[8U] = 0U; + lit.value[9U] = 0U; + lit.value[10U] = 0U; + lit.value[11U] = 0U; + lit.value[12U] = 0U; + lit.value[13U] = 0U; + lit.value[14U] = 0U; + lit.value[15U] = 0U; + lit.value[16U] = 0U; + lit.value[17U] = 0U; + lit.value[18U] = 0U; + lit.value[19U] = 0U; + lit.value[20U] = 0U; + lit.value[21U] = 0U; + lit.value[22U] = 0U; + lit.value[23U] = 0U; + lit.value[24U] = 0U; + lit.value[25U] = 0U; + lit.value[26U] = 0U; + lit.value[27U] = 0U; + lit.value[28U] = 0U; + lit.value[29U] = 0U; + lit.value[30U] = 0U; + lit.value[31U] = 0U; + lit.value[32U] = 0U; + lit.value[33U] = 0U; + lit.value[34U] = 0U; + lit.value[35U] = 0U; + lit.value[36U] = 0U; + lit.value[37U] = 0U; + lit.value[38U] = 0U; + lit.value[39U] = 0U; + lit.value[40U] = 0U; + lit.value[41U] = 0U; + lit.value[42U] = 0U; + lit.value[43U] = 0U; + lit.value[44U] = 0U; + lit.value[45U] = 0U; + lit.value[46U] = 0U; + lit.value[47U] = 0U; + lit.value[48U] = 0U; + lit.value[49U] = 0U; + lit.value[50U] = 0U; + lit.value[51U] = 0U; + lit.value[52U] = 0U; + lit.value[53U] = 0U; + lit.value[54U] = 0U; + lit.value[55U] = 0U; + lit.value[56U] = 0U; + lit.value[57U] = 0U; + lit.value[58U] = 0U; + lit.value[59U] = 0U; + lit.value[60U] = 0U; + lit.value[61U] = 0U; + lit.value[62U] = 0U; + lit.value[63U] = 0U; + lit.value[64U] = 0U; + lit.value[65U] = 0U; + lit.value[66U] = 0U; + lit.value[67U] = 0U; + lit.value[68U] = 0U; + lit.value[69U] = 0U; + lit.value[70U] = 0U; + lit.value[71U] = 0U; + lit.value[72U] = 0U; + lit.value[73U] = 0U; + lit.value[74U] = 0U; + lit.value[75U] = 0U; + lit.value[76U] = 0U; + lit.value[77U] = 0U; + lit.value[78U] = 0U; + lit.value[79U] = 0U; + lit.value[80U] = 0U; + lit.value[81U] = 0U; + lit.value[82U] = 0U; + lit.value[83U] = 0U; + lit.value[84U] = 0U; + lit.value[85U] = 0U; + lit.value[86U] = 0U; + lit.value[87U] = 0U; + lit.value[88U] = 0U; + lit.value[89U] = 0U; + lit.value[90U] = 0U; + lit.value[91U] = 0U; + lit.value[92U] = 0U; + lit.value[93U] = 0U; + lit.value[94U] = 0U; + lit.value[95U] = 0U; + lit.value[96U] = 0U; + lit.value[97U] = 0U; + lit.value[98U] = 0U; + lit.value[99U] = 0U; + lit.value[100U] = 0U; + lit.value[101U] = 0U; + lit.value[102U] = 0U; + lit.value[103U] = 0U; + lit.value[104U] = 0U; + lit.value[105U] = 0U; + lit.value[106U] = 0U; + lit.value[107U] = 0U; + lit.value[108U] = 0U; + lit.value[109U] = 0U; + lit.value[110U] = 0U; + lit.value[111U] = 0U; + lit.value[112U] = 0U; + lit.value[113U] = 0U; + lit.value[114U] = 0U; + lit.value[115U] = 0U; + lit.value[116U] = 0U; + lit.value[117U] = 0U; + lit.value[118U] = 0U; + lit.value[119U] = 0U; + lit.value[120U] = 0U; + lit.value[121U] = 0U; + lit.value[122U] = 0U; + lit.value[123U] = 0U; + lit.value[124U] = 0U; + lit.value[125U] = 0U; + lit.value[126U] = 0U; + lit.value[127U] = 0U; + lit.value[128U] = 0U; + lit.value[129U] = 0U; + lit.value[130U] = 0U; + lit.value[131U] = 0U; + lit.value[132U] = 0U; + lit.value[133U] = 0U; + lit.value[134U] = 0U; + lit.value[135U] = 0U; + lit.value[136U] = 0U; + lit.value[137U] = 0U; + lit.value[138U] = 0U; + lit.value[139U] = 0U; + lit.value[140U] = 0U; + lit.value[141U] = 0U; + lit.value[142U] = 0U; + lit.value[143U] = 0U; + lit.value[144U] = 0U; + lit.value[145U] = 0U; + lit.value[146U] = 0U; + lit.value[147U] = 0U; + lit.value[148U] = 0U; + lit.value[149U] = 0U; + lit.value[150U] = 0U; + lit.value[151U] = 0U; + lit.value[152U] = 0U; + lit.value[153U] = 0U; + lit.value[154U] = 0U; + lit.value[155U] = 0U; + lit.value[156U] = 0U; + lit.value[157U] = 0U; + lit.value[158U] = 0U; + lit.value[159U] = 0U; + lit.value[160U] = 0U; + lit.value[161U] = 0U; + lit.value[162U] = 0U; + lit.value[163U] = 0U; + lit.value[164U] = 0U; + lit.value[165U] = 0U; + lit.value[166U] = 0U; + lit.value[167U] = 0U; + lit.value[168U] = 0U; + lit.value[169U] = 0U; + lit.value[170U] = 0U; + lit.value[171U] = 0U; + lit.value[172U] = 0U; + lit.value[173U] = 0U; + lit.value[174U] = 0U; + lit.value[175U] = 0U; + lit.value[176U] = 0U; + lit.value[177U] = 0U; + lit.value[178U] = 0U; + lit.value[179U] = 0U; + lit.value[180U] = 0U; + lit.value[181U] = 0U; + lit.value[182U] = 0U; + lit.value[183U] = 0U; + lit.value[184U] = 0U; + lit.value[185U] = 0U; + lit.value[186U] = 0U; + lit.value[187U] = 0U; + lit.value[188U] = 0U; + lit.value[189U] = 0U; + lit.value[190U] = 0U; + lit.value[191U] = 0U; + lit.value[192U] = 0U; + lit.value[193U] = 0U; + lit.value[194U] = 0U; + lit.value[195U] = 0U; + lit.value[196U] = 0U; + lit.value[197U] = 0U; + lit.value[198U] = 0U; + lit.value[199U] = 0U; + lit.value[200U] = 0U; + lit.value[201U] = 0U; + lit.value[202U] = 0U; + lit.value[203U] = 0U; + lit.value[204U] = 0U; + lit.value[205U] = 0U; + lit.value[206U] = 0U; + lit.value[207U] = 0U; + lit.value[208U] = 0U; + lit.value[209U] = 0U; + lit.value[210U] = 0U; + lit.value[211U] = 0U; + lit.value[212U] = 0U; + lit.value[213U] = 0U; + lit.value[214U] = 0U; + lit.value[215U] = 0U; + lit.value[216U] = 0U; + lit.value[217U] = 0U; + lit.value[218U] = 0U; + lit.value[219U] = 0U; + lit.value[220U] = 0U; + lit.value[221U] = 0U; + lit.value[222U] = 0U; + lit.value[223U] = 0U; + lit.value[224U] = 0U; + lit.value[225U] = 0U; + lit.value[226U] = 0U; + lit.value[227U] = 0U; + lit.value[228U] = 0U; + lit.value[229U] = 0U; + lit.value[230U] = 0U; + lit.value[231U] = 0U; + lit.value[232U] = 0U; + lit.value[233U] = 0U; + lit.value[234U] = 0U; + lit.value[235U] = 0U; + lit.value[236U] = 0U; + lit.value[237U] = 0U; + lit.value[238U] = 0U; + lit.value[239U] = 0U; + lit.value[240U] = 0U; + lit.value[241U] = 0U; + lit.value[242U] = 0U; + lit.value[243U] = 0U; + lit.value[244U] = 0U; + lit.value[245U] = 0U; + lit.value[246U] = 0U; + lit.value[247U] = 0U; + lit.value[248U] = 0U; + lit.value[249U] = 0U; + lit.value[250U] = 0U; + lit.value[251U] = 0U; + lit.value[252U] = 0U; + lit.value[253U] = 0U; + lit.value[254U] = 0U; + lit.value[255U] = 0U; + lit.value[256U] = 0U; + lit.value[257U] = 0U; + lit.value[258U] = 0U; + lit.value[259U] = 0U; + lit.value[260U] = 0U; + lit.value[261U] = 0U; + lit.value[262U] = 0U; + lit.value[263U] = 0U; + lit.value[264U] = 0U; + lit.value[265U] = 0U; + lit.value[266U] = 0U; + lit.value[267U] = 0U; + lit.value[268U] = 0U; + lit.value[269U] = 0U; + lit.value[270U] = 0U; + lit.value[271U] = 0U; + lit.value[272U] = 0U; + lit.value[273U] = 0U; + lit.value[274U] = 0U; + lit.value[275U] = 0U; + lit.value[276U] = 0U; + lit.value[277U] = 0U; + lit.value[278U] = 0U; + lit.value[279U] = 0U; + lit.value[280U] = 0U; + lit.value[281U] = 0U; + lit.value[282U] = 0U; + lit.value[283U] = 0U; + lit.value[284U] = 0U; + lit.value[285U] = 0U; + lit.value[286U] = 0U; + lit.value[287U] = 0U; + lit.value[288U] = 0U; + lit.value[289U] = 0U; + lit.value[290U] = 0U; + lit.value[291U] = 0U; + lit.value[292U] = 0U; + lit.value[293U] = 0U; + lit.value[294U] = 0U; + lit.value[295U] = 0U; + lit.value[296U] = 0U; + lit.value[297U] = 0U; + lit.value[298U] = 0U; + lit.value[299U] = 0U; + lit.value[300U] = 0U; + lit.value[301U] = 0U; + lit.value[302U] = 0U; + lit.value[303U] = 0U; + lit.value[304U] = 0U; + lit.value[305U] = 0U; + lit.value[306U] = 0U; + lit.value[307U] = 0U; + lit.value[308U] = 0U; + lit.value[309U] = 0U; + lit.value[310U] = 0U; + lit.value[311U] = 0U; + lit.value[312U] = 0U; + lit.value[313U] = 0U; + lit.value[314U] = 0U; + lit.value[315U] = 0U; + lit.value[316U] = 0U; + lit.value[317U] = 0U; + lit.value[318U] = 0U; + lit.value[319U] = 0U; + lit.value[320U] = 0U; + lit.value[321U] = 0U; + lit.value[322U] = 0U; + lit.value[323U] = 0U; + lit.value[324U] = 0U; + lit.value[325U] = 0U; + lit.value[326U] = 0U; + lit.value[327U] = 0U; + lit.value[328U] = 0U; + lit.value[329U] = 0U; + lit.value[330U] = 0U; + lit.value[331U] = 0U; + lit.value[332U] = 0U; + lit.value[333U] = 0U; + lit.value[334U] = 0U; + lit.value[335U] = 0U; + lit.value[336U] = 0U; + lit.value[337U] = 0U; + lit.value[338U] = 0U; + lit.value[339U] = 0U; + lit.value[340U] = 0U; + lit.value[341U] = 0U; + lit.value[342U] = 0U; + lit.value[343U] = 0U; + lit.value[344U] = 0U; + lit.value[345U] = 0U; + lit.value[346U] = 0U; + lit.value[347U] = 0U; + lit.value[348U] = 0U; + lit.value[349U] = 0U; + lit.value[350U] = 0U; + lit.value[351U] = 0U; + lit.value[352U] = 0U; + lit.value[353U] = 0U; + lit.value[354U] = 0U; + lit.value[355U] = 0U; + lit.value[356U] = 0U; + lit.value[357U] = 0U; + lit.value[358U] = 0U; + lit.value[359U] = 0U; + lit.value[360U] = 0U; + lit.value[361U] = 0U; + lit.value[362U] = 0U; + lit.value[363U] = 0U; + lit.value[364U] = 0U; + lit.value[365U] = 0U; + lit.value[366U] = 0U; + lit.value[367U] = 0U; + lit.value[368U] = 0U; + lit.value[369U] = 0U; + lit.value[370U] = 0U; + lit.value[371U] = 0U; + lit.value[372U] = 0U; + lit.value[373U] = 0U; + lit.value[374U] = 0U; + lit.value[375U] = 0U; + lit.value[376U] = 0U; + lit.value[377U] = 0U; + lit.value[378U] = 0U; + lit.value[379U] = 0U; + lit.value[380U] = 0U; + lit.value[381U] = 0U; + lit.value[382U] = 0U; + lit.value[383U] = 0U; + lit.value[384U] = 0U; + lit.value[385U] = 0U; + lit.value[386U] = 0U; + lit.value[387U] = 0U; + lit.value[388U] = 0U; + lit.value[389U] = 0U; + lit.value[390U] = 0U; + lit.value[391U] = 0U; + lit.value[392U] = 0U; + lit.value[393U] = 0U; + lit.value[394U] = 0U; + lit.value[395U] = 0U; + lit.value[396U] = 0U; + lit.value[397U] = 0U; + lit.value[398U] = 0U; + lit.value[399U] = 0U; + lit.value[400U] = 0U; + lit.value[401U] = 0U; + lit.value[402U] = 0U; + lit.value[403U] = 0U; + lit.value[404U] = 0U; + lit.value[405U] = 0U; + lit.value[406U] = 0U; + lit.value[407U] = 0U; + lit.value[408U] = 0U; + lit.value[409U] = 0U; + lit.value[410U] = 0U; + lit.value[411U] = 0U; + lit.value[412U] = 0U; + lit.value[413U] = 0U; + lit.value[414U] = 0U; + lit.value[415U] = 0U; + lit.value[416U] = 0U; + lit.value[417U] = 0U; + lit.value[418U] = 0U; + lit.value[419U] = 0U; + lit.value[420U] = 0U; + lit.value[421U] = 0U; + lit.value[422U] = 0U; + lit.value[423U] = 0U; + lit.value[424U] = 0U; + lit.value[425U] = 0U; + lit.value[426U] = 0U; + lit.value[427U] = 0U; + lit.value[428U] = 0U; + lit.value[429U] = 0U; + lit.value[430U] = 0U; + lit.value[431U] = 0U; + lit.value[432U] = 0U; + lit.value[433U] = 0U; + lit.value[434U] = 0U; + lit.value[435U] = 0U; + lit.value[436U] = 0U; + lit.value[437U] = 0U; + lit.value[438U] = 0U; + lit.value[439U] = 0U; + lit.value[440U] = 0U; + lit.value[441U] = 0U; + lit.value[442U] = 0U; + lit.value[443U] = 0U; + lit.value[444U] = 0U; + lit.value[445U] = 0U; + lit.value[446U] = 0U; + lit.value[447U] = 0U; + lit.value[448U] = 0U; + lit.value[449U] = 0U; + lit.value[450U] = 0U; + lit.value[451U] = 0U; + lit.value[452U] = 0U; + lit.value[453U] = 0U; + lit.value[454U] = 0U; + lit.value[455U] = 0U; + lit.value[456U] = 0U; + lit.value[457U] = 0U; + lit.value[458U] = 0U; + lit.value[459U] = 0U; + lit.value[460U] = 0U; + lit.value[461U] = 0U; + lit.value[462U] = 0U; + lit.value[463U] = 0U; + lit.value[464U] = 0U; + lit.value[465U] = 0U; + lit.value[466U] = 0U; + lit.value[467U] = 0U; + lit.value[468U] = 0U; + lit.value[469U] = 0U; + lit.value[470U] = 0U; + lit.value[471U] = 0U; + lit.value[472U] = 0U; + lit.value[473U] = 0U; + lit.value[474U] = 0U; + lit.value[475U] = 0U; + lit.value[476U] = 0U; + lit.value[477U] = 0U; + lit.value[478U] = 0U; + lit.value[479U] = 0U; + lit.value[480U] = 0U; + lit.value[481U] = 0U; + lit.value[482U] = 0U; + lit.value[483U] = 0U; + lit.value[484U] = 0U; + lit.value[485U] = 0U; + lit.value[486U] = 0U; + lit.value[487U] = 0U; + lit.value[488U] = 0U; + lit.value[489U] = 0U; + lit.value[490U] = 0U; + lit.value[491U] = 0U; + lit.value[492U] = 0U; + lit.value[493U] = 0U; + lit.value[494U] = 0U; + lit.value[495U] = 0U; + lit.value[496U] = 0U; + lit.value[497U] = 0U; + lit.value[498U] = 0U; + lit.value[499U] = 0U; + lit.value[500U] = 0U; + lit.value[501U] = 0U; + lit.value[502U] = 0U; + lit.value[503U] = 0U; + lit.value[504U] = 0U; + lit.value[505U] = 0U; + lit.value[506U] = 0U; + lit.value[507U] = 0U; + lit.value[508U] = 0U; + lit.value[509U] = 0U; + lit.value[510U] = 0U; + lit.value[511U] = 0U; + lit.value[512U] = 0U; + lit.value[513U] = 0U; + lit.value[514U] = 0U; + lit.value[515U] = 0U; + lit.value[516U] = 0U; + lit.value[517U] = 0U; + lit.value[518U] = 0U; + lit.value[519U] = 0U; + lit.value[520U] = 0U; + lit.value[521U] = 0U; + lit.value[522U] = 0U; + lit.value[523U] = 0U; + lit.value[524U] = 0U; + lit.value[525U] = 0U; + lit.value[526U] = 0U; + lit.value[527U] = 0U; + lit.value[528U] = 0U; + lit.value[529U] = 0U; + lit.value[530U] = 0U; + lit.value[531U] = 0U; + lit.value[532U] = 0U; + lit.value[533U] = 0U; + lit.value[534U] = 0U; + lit.value[535U] = 0U; + lit.value[536U] = 0U; + lit.value[537U] = 0U; + lit.value[538U] = 0U; + lit.value[539U] = 0U; + lit.value[540U] = 0U; + lit.value[541U] = 0U; + lit.value[542U] = 0U; + lit.value[543U] = 0U; + lit.value[544U] = 0U; + lit.value[545U] = 0U; + lit.value[546U] = 0U; + lit.value[547U] = 0U; + lit.value[548U] = 0U; + lit.value[549U] = 0U; + lit.value[550U] = 0U; + lit.value[551U] = 0U; + lit.value[552U] = 0U; + lit.value[553U] = 0U; + lit.value[554U] = 0U; + lit.value[555U] = 0U; + lit.value[556U] = 0U; + lit.value[557U] = 0U; + lit.value[558U] = 0U; + lit.value[559U] = 0U; + lit.value[560U] = 0U; + lit.value[561U] = 0U; + lit.value[562U] = 0U; + lit.value[563U] = 0U; + lit.value[564U] = 0U; + lit.value[565U] = 0U; + lit.value[566U] = 0U; + lit.value[567U] = 0U; + lit.value[568U] = 0U; + lit.value[569U] = 0U; + lit.value[570U] = 0U; + lit.value[571U] = 0U; + lit.value[572U] = 0U; + lit.value[573U] = 0U; + lit.value[574U] = 0U; + lit.value[575U] = 0U; + lit.value[576U] = 0U; + lit.value[577U] = 0U; + lit.value[578U] = 0U; + lit.value[579U] = 0U; + lit.value[580U] = 0U; + lit.value[581U] = 0U; + lit.value[582U] = 0U; + lit.value[583U] = 0U; + lit.value[584U] = 0U; + lit.value[585U] = 0U; + lit.value[586U] = 0U; + lit.value[587U] = 0U; + lit.value[588U] = 0U; + lit.value[589U] = 0U; + lit.value[590U] = 0U; + lit.value[591U] = 0U; + lit.value[592U] = 0U; + lit.value[593U] = 0U; + lit.value[594U] = 0U; + lit.value[595U] = 0U; + lit.value[596U] = 0U; + lit.value[597U] = 0U; + lit.value[598U] = 0U; + lit.value[599U] = 0U; + lit.value[600U] = 0U; + lit.value[601U] = 0U; + lit.value[602U] = 0U; + lit.value[603U] = 0U; + lit.value[604U] = 0U; + lit.value[605U] = 0U; + lit.value[606U] = 0U; + lit.value[607U] = 0U; + lit.value[608U] = 0U; + lit.value[609U] = 0U; + lit.value[610U] = 0U; + lit.value[611U] = 0U; + lit.value[612U] = 0U; + lit.value[613U] = 0U; + lit.value[614U] = 0U; + lit.value[615U] = 0U; + lit.value[616U] = 0U; + lit.value[617U] = 0U; + lit.value[618U] = 0U; + lit.value[619U] = 0U; + lit.value[620U] = 0U; + lit.value[621U] = 0U; + lit.value[622U] = 0U; + lit.value[623U] = 0U; + lit.value[624U] = 0U; + lit.value[625U] = 0U; + lit.value[626U] = 0U; + lit.value[627U] = 0U; + lit.value[628U] = 0U; + lit.value[629U] = 0U; + lit.value[630U] = 0U; + lit.value[631U] = 0U; + lit.value[632U] = 0U; + lit.value[633U] = 0U; + lit.value[634U] = 0U; + lit.value[635U] = 0U; + lit.value[636U] = 0U; + lit.value[637U] = 0U; + lit.value[638U] = 0U; + lit.value[639U] = 0U; + lit.value[640U] = 0U; + lit.value[641U] = 0U; + lit.value[642U] = 0U; + lit.value[643U] = 0U; + lit.value[644U] = 0U; + lit.value[645U] = 0U; + lit.value[646U] = 0U; + lit.value[647U] = 0U; + lit.value[648U] = 0U; + lit.value[649U] = 0U; + lit.value[650U] = 0U; + lit.value[651U] = 0U; + lit.value[652U] = 0U; + lit.value[653U] = 0U; + lit.value[654U] = 0U; + lit.value[655U] = 0U; + lit.value[656U] = 0U; + lit.value[657U] = 0U; + lit.value[658U] = 0U; + lit.value[659U] = 0U; + lit.value[660U] = 0U; + lit.value[661U] = 0U; + lit.value[662U] = 0U; + lit.value[663U] = 0U; + lit.value[664U] = 0U; + lit.value[665U] = 0U; + lit.value[666U] = 0U; + lit.value[667U] = 0U; + lit.value[668U] = 0U; + lit.value[669U] = 0U; + lit.value[670U] = 0U; + lit.value[671U] = 0U; + lit.value[672U] = 0U; + lit.value[673U] = 0U; + lit.value[674U] = 0U; + lit.value[675U] = 0U; + lit.value[676U] = 0U; + lit.value[677U] = 0U; + lit.value[678U] = 0U; + lit.value[679U] = 0U; + lit.value[680U] = 0U; + lit.value[681U] = 0U; + lit.value[682U] = 0U; + lit.value[683U] = 0U; + lit.value[684U] = 0U; + lit.value[685U] = 0U; + lit.value[686U] = 0U; + lit.value[687U] = 0U; + lit.value[688U] = 0U; + lit.value[689U] = 0U; + lit.value[690U] = 0U; + lit.value[691U] = 0U; + lit.value[692U] = 0U; + lit.value[693U] = 0U; + lit.value[694U] = 0U; + lit.value[695U] = 0U; + lit.value[696U] = 0U; + lit.value[697U] = 0U; + lit.value[698U] = 0U; + lit.value[699U] = 0U; + lit.value[700U] = 0U; + lit.value[701U] = 0U; + lit.value[702U] = 0U; + lit.value[703U] = 0U; + lit.value[704U] = 0U; + lit.value[705U] = 0U; + lit.value[706U] = 0U; + lit.value[707U] = 0U; + lit.value[708U] = 0U; + lit.value[709U] = 0U; + lit.value[710U] = 0U; + lit.value[711U] = 0U; + lit.value[712U] = 0U; + lit.value[713U] = 0U; + lit.value[714U] = 0U; + lit.value[715U] = 0U; + lit.value[716U] = 0U; + lit.value[717U] = 0U; + lit.value[718U] = 0U; + lit.value[719U] = 0U; + lit.value[720U] = 0U; + lit.value[721U] = 0U; + lit.value[722U] = 0U; + lit.value[723U] = 0U; + lit.value[724U] = 0U; + lit.value[725U] = 0U; + lit.value[726U] = 0U; + lit.value[727U] = 0U; + lit.value[728U] = 0U; + lit.value[729U] = 0U; + lit.value[730U] = 0U; + lit.value[731U] = 0U; + lit.value[732U] = 0U; + lit.value[733U] = 0U; + lit.value[734U] = 0U; + lit.value[735U] = 0U; + lit.value[736U] = 0U; + lit.value[737U] = 0U; + lit.value[738U] = 0U; + lit.value[739U] = 0U; + lit.value[740U] = 0U; + lit.value[741U] = 0U; + lit.value[742U] = 0U; + lit.value[743U] = 0U; + lit.value[744U] = 0U; + lit.value[745U] = 0U; + lit.value[746U] = 0U; + lit.value[747U] = 0U; + lit.value[748U] = 0U; + lit.value[749U] = 0U; + lit.value[750U] = 0U; + lit.value[751U] = 0U; + lit.value[752U] = 0U; + lit.value[753U] = 0U; + lit.value[754U] = 0U; + lit.value[755U] = 0U; + lit.value[756U] = 0U; + lit.value[757U] = 0U; + lit.value[758U] = 0U; + lit.value[759U] = 0U; + lit.value[760U] = 0U; + lit.value[761U] = 0U; + lit.value[762U] = 0U; + lit.value[763U] = 0U; + lit.value[764U] = 0U; + lit.value[765U] = 0U; + lit.value[766U] = 0U; + lit.value[767U] = 0U; + lit.value[768U] = 0U; + lit.value[769U] = 0U; + lit.value[770U] = 0U; + lit.value[771U] = 0U; + lit.value[772U] = 0U; + lit.value[773U] = 0U; + lit.value[774U] = 0U; + lit.value[775U] = 0U; + lit.value[776U] = 0U; + lit.value[777U] = 0U; + lit.value[778U] = 0U; + lit.value[779U] = 0U; + lit.value[780U] = 0U; + lit.value[781U] = 0U; + lit.value[782U] = 0U; + lit.value[783U] = 0U; + lit.value[784U] = 0U; + lit.value[785U] = 0U; + lit.value[786U] = 0U; + lit.value[787U] = 0U; + lit.value[788U] = 0U; + lit.value[789U] = 0U; + lit.value[790U] = 0U; + lit.value[791U] = 0U; + lit.value[792U] = 0U; + lit.value[793U] = 0U; + lit.value[794U] = 0U; + lit.value[795U] = 0U; + lit.value[796U] = 0U; + lit.value[797U] = 0U; + lit.value[798U] = 0U; + lit.value[799U] = 0U; + lit.value[800U] = 0U; + lit.value[801U] = 0U; + lit.value[802U] = 0U; + lit.value[803U] = 0U; + lit.value[804U] = 0U; + lit.value[805U] = 0U; + lit.value[806U] = 0U; + lit.value[807U] = 0U; + lit.value[808U] = 0U; + lit.value[809U] = 0U; + lit.value[810U] = 0U; + lit.value[811U] = 0U; + lit.value[812U] = 0U; + lit.value[813U] = 0U; + lit.value[814U] = 0U; + lit.value[815U] = 0U; + lit.value[816U] = 0U; + lit.value[817U] = 0U; + lit.value[818U] = 0U; + lit.value[819U] = 0U; + lit.value[820U] = 0U; + lit.value[821U] = 0U; + lit.value[822U] = 0U; + lit.value[823U] = 0U; + lit.value[824U] = 0U; + lit.value[825U] = 0U; + lit.value[826U] = 0U; + lit.value[827U] = 0U; + lit.value[828U] = 0U; + lit.value[829U] = 0U; + lit.value[830U] = 0U; + lit.value[831U] = 0U; + lit.value[832U] = 0U; + lit.value[833U] = 0U; + lit.value[834U] = 0U; + lit.value[835U] = 0U; + lit.value[836U] = 0U; + lit.value[837U] = 0U; + lit.value[838U] = 0U; + lit.value[839U] = 0U; + lit.value[840U] = 0U; + lit.value[841U] = 0U; + lit.value[842U] = 0U; + lit.value[843U] = 0U; + lit.value[844U] = 0U; + lit.value[845U] = 0U; + lit.value[846U] = 0U; + lit.value[847U] = 0U; + lit.value[848U] = 0U; + lit.value[849U] = 0U; + lit.value[850U] = 0U; + lit.value[851U] = 0U; + lit.value[852U] = 0U; + lit.value[853U] = 0U; + lit.value[854U] = 0U; + lit.value[855U] = 0U; + lit.value[856U] = 0U; + lit.value[857U] = 0U; + lit.value[858U] = 0U; + lit.value[859U] = 0U; + lit.value[860U] = 0U; + lit.value[861U] = 0U; + lit.value[862U] = 0U; + lit.value[863U] = 0U; + lit.value[864U] = 0U; + lit.value[865U] = 0U; + lit.value[866U] = 0U; + lit.value[867U] = 0U; + lit.value[868U] = 0U; + lit.value[869U] = 0U; + lit.value[870U] = 0U; + lit.value[871U] = 0U; + lit.value[872U] = 0U; + lit.value[873U] = 0U; + lit.value[874U] = 0U; + lit.value[875U] = 0U; + lit.value[876U] = 0U; + lit.value[877U] = 0U; + lit.value[878U] = 0U; + lit.value[879U] = 0U; + lit.value[880U] = 0U; + lit.value[881U] = 0U; + lit.value[882U] = 0U; + lit.value[883U] = 0U; + lit.value[884U] = 0U; + lit.value[885U] = 0U; + lit.value[886U] = 0U; + lit.value[887U] = 0U; + lit.value[888U] = 0U; + lit.value[889U] = 0U; + lit.value[890U] = 0U; + lit.value[891U] = 0U; + lit.value[892U] = 0U; + lit.value[893U] = 0U; + lit.value[894U] = 0U; + lit.value[895U] = 0U; + lit.value[896U] = 0U; + lit.value[897U] = 0U; + lit.value[898U] = 0U; + lit.value[899U] = 0U; + lit.value[900U] = 0U; + lit.value[901U] = 0U; + lit.value[902U] = 0U; + lit.value[903U] = 0U; + lit.value[904U] = 0U; + lit.value[905U] = 0U; + lit.value[906U] = 0U; + lit.value[907U] = 0U; + lit.value[908U] = 0U; + lit.value[909U] = 0U; + lit.value[910U] = 0U; + lit.value[911U] = 0U; + lit.value[912U] = 0U; + lit.value[913U] = 0U; + lit.value[914U] = 0U; + lit.value[915U] = 0U; + lit.value[916U] = 0U; + lit.value[917U] = 0U; + lit.value[918U] = 0U; + lit.value[919U] = 0U; + lit.value[920U] = 0U; + lit.value[921U] = 0U; + lit.value[922U] = 0U; + lit.value[923U] = 0U; + lit.value[924U] = 0U; + lit.value[925U] = 0U; + lit.value[926U] = 0U; + lit.value[927U] = 0U; + lit.value[928U] = 0U; + lit.value[929U] = 0U; + lit.value[930U] = 0U; + lit.value[931U] = 0U; + lit.value[932U] = 0U; + lit.value[933U] = 0U; + lit.value[934U] = 0U; + lit.value[935U] = 0U; + lit.value[936U] = 0U; + lit.value[937U] = 0U; + lit.value[938U] = 0U; + lit.value[939U] = 0U; + lit.value[940U] = 0U; + lit.value[941U] = 0U; + lit.value[942U] = 0U; + lit.value[943U] = 0U; + lit.value[944U] = 0U; + lit.value[945U] = 0U; + lit.value[946U] = 0U; + lit.value[947U] = 0U; + lit.value[948U] = 0U; + lit.value[949U] = 0U; + lit.value[950U] = 0U; + lit.value[951U] = 0U; + lit.value[952U] = 0U; + lit.value[953U] = 0U; + lit.value[954U] = 0U; + lit.value[955U] = 0U; + lit.value[956U] = 0U; + lit.value[957U] = 0U; + lit.value[958U] = 0U; + lit.value[959U] = 0U; + lit.value[960U] = 0U; + lit.value[961U] = 0U; + lit.value[962U] = 0U; + lit.value[963U] = 0U; + lit.value[964U] = 0U; + lit.value[965U] = 0U; + lit.value[966U] = 0U; + lit.value[967U] = 0U; + lit.value[968U] = 0U; + lit.value[969U] = 0U; + lit.value[970U] = 0U; + lit.value[971U] = 0U; + lit.value[972U] = 0U; + lit.value[973U] = 0U; + lit.value[974U] = 0U; + lit.value[975U] = 0U; + lit.value[976U] = 0U; + lit.value[977U] = 0U; + lit.value[978U] = 0U; + lit.value[979U] = 0U; + lit.value[980U] = 0U; + lit.value[981U] = 0U; + lit.value[982U] = 0U; + lit.value[983U] = 0U; + lit.value[984U] = 0U; + lit.value[985U] = 0U; + lit.value[986U] = 0U; + lit.value[987U] = 0U; + lit.value[988U] = 0U; + lit.value[989U] = 0U; + lit.value[990U] = 0U; + lit.value[991U] = 0U; + lit.value[992U] = 0U; + lit.value[993U] = 0U; + lit.value[994U] = 0U; + lit.value[995U] = 0U; + lit.value[996U] = 0U; + lit.value[997U] = 0U; + lit.value[998U] = 0U; + lit.value[999U] = 0U; + lit.value[1000U] = 0U; + lit.value[1001U] = 0U; + lit.value[1002U] = 0U; + lit.value[1003U] = 0U; + lit.value[1004U] = 0U; + lit.value[1005U] = 0U; + lit.value[1006U] = 0U; + lit.value[1007U] = 0U; + lit.value[1008U] = 0U; + lit.value[1009U] = 0U; + lit.value[1010U] = 0U; + lit.value[1011U] = 0U; + lit.value[1012U] = 0U; + lit.value[1013U] = 0U; + lit.value[1014U] = 0U; + lit.value[1015U] = 0U; + lit.value[1016U] = 0U; + lit.value[1017U] = 0U; + lit.value[1018U] = 0U; + lit.value[1019U] = 0U; + lit.value[1020U] = 0U; + lit.value[1021U] = 0U; + lit.value[1022U] = 0U; + lit.value[1023U] = 0U; + lit.value[1024U] = 0U; + lit.value[1025U] = 0U; + lit.value[1026U] = 0U; + lit.value[1027U] = 0U; + lit.value[1028U] = 0U; + lit.value[1029U] = 0U; + lit.value[1030U] = 0U; + lit.value[1031U] = 0U; + lit.value[1032U] = 0U; + lit.value[1033U] = 0U; + lit.value[1034U] = 0U; + lit.value[1035U] = 0U; + lit.value[1036U] = 0U; + lit.value[1037U] = 0U; + lit.value[1038U] = 0U; + lit.value[1039U] = 0U; + lit.value[1040U] = 0U; + lit.value[1041U] = 0U; + lit.value[1042U] = 0U; + lit.value[1043U] = 0U; + lit.value[1044U] = 0U; + lit.value[1045U] = 0U; + lit.value[1046U] = 0U; + lit.value[1047U] = 0U; + lit.value[1048U] = 0U; + lit.value[1049U] = 0U; + lit.value[1050U] = 0U; + lit.value[1051U] = 0U; + lit.value[1052U] = 0U; + lit.value[1053U] = 0U; + lit.value[1054U] = 0U; + lit.value[1055U] = 0U; + lit.value[1056U] = 0U; + lit.value[1057U] = 0U; + lit.value[1058U] = 0U; + lit.value[1059U] = 0U; + lit.value[1060U] = 0U; + lit.value[1061U] = 0U; + lit.value[1062U] = 0U; + lit.value[1063U] = 0U; + lit.value[1064U] = 0U; + lit.value[1065U] = 0U; + lit.value[1066U] = 0U; + lit.value[1067U] = 0U; + lit.value[1068U] = 0U; + lit.value[1069U] = 0U; + lit.value[1070U] = 0U; + lit.value[1071U] = 0U; + lit.value[1072U] = 0U; + lit.value[1073U] = 0U; + lit.value[1074U] = 0U; + lit.value[1075U] = 0U; + lit.value[1076U] = 0U; + lit.value[1077U] = 0U; + lit.value[1078U] = 0U; + lit.value[1079U] = 0U; + lit.value[1080U] = 0U; + lit.value[1081U] = 0U; + lit.value[1082U] = 0U; + lit.value[1083U] = 0U; + lit.value[1084U] = 0U; + lit.value[1085U] = 0U; + lit.value[1086U] = 0U; + lit.value[1087U] = 0U; + lit.value[1088U] = 0U; + lit.value[1089U] = 0U; + lit.value[1090U] = 0U; + lit.value[1091U] = 0U; + lit.value[1092U] = 0U; + lit.value[1093U] = 0U; + lit.value[1094U] = 0U; + lit.value[1095U] = 0U; + lit.value[1096U] = 0U; + lit.value[1097U] = 0U; + lit.value[1098U] = 0U; + lit.value[1099U] = 0U; + lit.value[1100U] = 0U; + lit.value[1101U] = 0U; + lit.value[1102U] = 0U; + lit.value[1103U] = 0U; + lit.value[1104U] = 0U; + lit.value[1105U] = 0U; + lit.value[1106U] = 0U; + lit.value[1107U] = 0U; + lit.value[1108U] = 0U; + lit.value[1109U] = 0U; + lit.value[1110U] = 0U; + lit.value[1111U] = 0U; + lit.value[1112U] = 0U; + lit.value[1113U] = 0U; + lit.value[1114U] = 0U; + lit.value[1115U] = 0U; + lit.value[1116U] = 0U; + lit.value[1117U] = 0U; + lit.value[1118U] = 0U; + lit.value[1119U] = 0U; + lit.value[1120U] = 0U; + lit.value[1121U] = 0U; + lit.value[1122U] = 0U; + lit.value[1123U] = 0U; + lit.value[1124U] = 0U; + lit.value[1125U] = 0U; + lit.value[1126U] = 0U; + lit.value[1127U] = 0U; + lit.value[1128U] = 0U; + lit.value[1129U] = 0U; + lit.value[1130U] = 0U; + lit.value[1131U] = 0U; + lit.value[1132U] = 0U; + lit.value[1133U] = 0U; + lit.value[1134U] = 0U; + lit.value[1135U] = 0U; + lit.value[1136U] = 0U; + lit.value[1137U] = 0U; + lit.value[1138U] = 0U; + lit.value[1139U] = 0U; + lit.value[1140U] = 0U; + lit.value[1141U] = 0U; + lit.value[1142U] = 0U; + lit.value[1143U] = 0U; + lit.value[1144U] = 0U; + lit.value[1145U] = 0U; + lit.value[1146U] = 0U; + lit.value[1147U] = 0U; + lit.value[1148U] = 0U; + lit.value[1149U] = 0U; + lit.value[1150U] = 0U; + lit.value[1151U] = 0U; + lit.value[1152U] = 0U; + lit.value[1153U] = 0U; + lit.value[1154U] = 0U; + lit.value[1155U] = 0U; + lit.value[1156U] = 0U; + lit.value[1157U] = 0U; + lit.value[1158U] = 0U; + lit.value[1159U] = 0U; + lit.value[1160U] = 0U; + lit.value[1161U] = 0U; + lit.value[1162U] = 0U; + lit.value[1163U] = 0U; + lit.value[1164U] = 0U; + lit.value[1165U] = 0U; + lit.value[1166U] = 0U; + lit.value[1167U] = 0U; + lit.value[1168U] = 0U; + lit.value[1169U] = 0U; + lit.value[1170U] = 0U; + lit.value[1171U] = 0U; + lit.value[1172U] = 0U; + lit.value[1173U] = 0U; + lit.value[1174U] = 0U; + lit.value[1175U] = 0U; + lit.value[1176U] = 0U; + lit.value[1177U] = 0U; + lit.value[1178U] = 0U; + lit.value[1179U] = 0U; + lit.value[1180U] = 0U; + lit.value[1181U] = 0U; + lit.value[1182U] = 0U; + lit.value[1183U] = 0U; + lit.value[1184U] = 0U; + lit.value[1185U] = 0U; + lit.value[1186U] = 0U; + lit.value[1187U] = 0U; + lit.value[1188U] = 0U; + lit.value[1189U] = 0U; + lit.value[1190U] = 0U; + lit.value[1191U] = 0U; + lit.value[1192U] = 0U; + lit.value[1193U] = 0U; + lit.value[1194U] = 0U; + lit.value[1195U] = 0U; + lit.value[1196U] = 0U; + lit.value[1197U] = 0U; + lit.value[1198U] = 0U; + lit.value[1199U] = 0U; + lit.value[1200U] = 0U; + lit.value[1201U] = 0U; + lit.value[1202U] = 0U; + lit.value[1203U] = 0U; + lit.value[1204U] = 0U; + lit.value[1205U] = 0U; + lit.value[1206U] = 0U; + lit.value[1207U] = 0U; + lit.value[1208U] = 0U; + lit.value[1209U] = 0U; + lit.value[1210U] = 0U; + lit.value[1211U] = 0U; + lit.value[1212U] = 0U; + lit.value[1213U] = 0U; + lit.value[1214U] = 0U; + lit.value[1215U] = 0U; + lit.value[1216U] = 0U; + lit.value[1217U] = 0U; + lit.value[1218U] = 0U; + lit.value[1219U] = 0U; + lit.value[1220U] = 0U; + lit.value[1221U] = 0U; + lit.value[1222U] = 0U; + lit.value[1223U] = 0U; + lit.value[1224U] = 0U; + lit.value[1225U] = 0U; + lit.value[1226U] = 0U; + lit.value[1227U] = 0U; + lit.value[1228U] = 0U; + lit.value[1229U] = 0U; + lit.value[1230U] = 0U; + lit.value[1231U] = 0U; + lit.value[1232U] = 0U; + lit.value[1233U] = 0U; + lit.value[1234U] = 0U; + lit.value[1235U] = 0U; + lit.value[1236U] = 0U; + lit.value[1237U] = 0U; + lit.value[1238U] = 0U; + lit.value[1239U] = 0U; + lit.value[1240U] = 0U; + lit.value[1241U] = 0U; + lit.value[1242U] = 0U; + lit.value[1243U] = 0U; + lit.value[1244U] = 0U; + lit.value[1245U] = 0U; + lit.value[1246U] = 0U; + lit.value[1247U] = 0U; + lit.value[1248U] = 0U; + lit.value[1249U] = 0U; + lit.value[1250U] = 0U; + lit.value[1251U] = 0U; + lit.value[1252U] = 0U; + lit.value[1253U] = 0U; + lit.value[1254U] = 0U; + lit.value[1255U] = 0U; + lit.value[1256U] = 0U; + lit.value[1257U] = 0U; + lit.value[1258U] = 0U; + lit.value[1259U] = 0U; + lit.value[1260U] = 0U; + lit.value[1261U] = 0U; + lit.value[1262U] = 0U; + lit.value[1263U] = 0U; + lit.value[1264U] = 0U; + lit.value[1265U] = 0U; + lit.value[1266U] = 0U; + lit.value[1267U] = 0U; + lit.value[1268U] = 0U; + lit.value[1269U] = 0U; + lit.value[1270U] = 0U; + lit.value[1271U] = 0U; + lit.value[1272U] = 0U; + lit.value[1273U] = 0U; + lit.value[1274U] = 0U; + lit.value[1275U] = 0U; + lit.value[1276U] = 0U; + lit.value[1277U] = 0U; + lit.value[1278U] = 0U; + lit.value[1279U] = 0U; + lit.value[1280U] = 0U; + lit.value[1281U] = 0U; + lit.value[1282U] = 0U; + lit.value[1283U] = 0U; + lit.value[1284U] = 0U; + lit.value[1285U] = 0U; + lit.value[1286U] = 0U; + lit.value[1287U] = 0U; + lit.value[1288U] = 0U; + lit.value[1289U] = 0U; + lit.value[1290U] = 0U; + lit.value[1291U] = 0U; + lit.value[1292U] = 0U; + lit.value[1293U] = 0U; + lit.value[1294U] = 0U; + lit.value[1295U] = 0U; + lit.value[1296U] = 0U; + lit.value[1297U] = 0U; + lit.value[1298U] = 0U; + lit.value[1299U] = 0U; + lit.value[1300U] = 0U; + lit.value[1301U] = 0U; + lit.value[1302U] = 0U; + lit.value[1303U] = 0U; + lit.value[1304U] = 0U; + lit.value[1305U] = 0U; + lit.value[1306U] = 0U; + lit.value[1307U] = 0U; + lit.value[1308U] = 0U; + lit.value[1309U] = 0U; + lit.value[1310U] = 0U; + lit.value[1311U] = 0U; + lit.value[1312U] = 0U; + lit.value[1313U] = 0U; + lit.value[1314U] = 0U; + lit.value[1315U] = 0U; + lit.value[1316U] = 0U; + lit.value[1317U] = 0U; + lit.value[1318U] = 0U; + lit.value[1319U] = 0U; + lit.value[1320U] = 0U; + lit.value[1321U] = 0U; + lit.value[1322U] = 0U; + lit.value[1323U] = 0U; + lit.value[1324U] = 0U; + lit.value[1325U] = 0U; + lit.value[1326U] = 0U; + lit.value[1327U] = 0U; + lit.value[1328U] = 0U; + lit.value[1329U] = 0U; + lit.value[1330U] = 0U; + lit.value[1331U] = 0U; + lit.value[1332U] = 0U; + lit.value[1333U] = 0U; + lit.value[1334U] = 0U; + lit.value[1335U] = 0U; + lit.value[1336U] = 0U; + lit.value[1337U] = 0U; + lit.value[1338U] = 0U; + lit.value[1339U] = 0U; + lit.value[1340U] = 0U; + lit.value[1341U] = 0U; + lit.value[1342U] = 0U; + lit.value[1343U] = 0U; + lit.value[1344U] = 0U; + lit.value[1345U] = 0U; + lit.value[1346U] = 0U; + lit.value[1347U] = 0U; + lit.value[1348U] = 0U; + lit.value[1349U] = 0U; + lit.value[1350U] = 0U; + lit.value[1351U] = 0U; + lit.value[1352U] = 0U; + lit.value[1353U] = 0U; + lit.value[1354U] = 0U; + lit.value[1355U] = 0U; + lit.value[1356U] = 0U; + lit.value[1357U] = 0U; + lit.value[1358U] = 0U; + lit.value[1359U] = 0U; + lit.value[1360U] = 0U; + lit.value[1361U] = 0U; + lit.value[1362U] = 0U; + lit.value[1363U] = 0U; + lit.value[1364U] = 0U; + lit.value[1365U] = 0U; + lit.value[1366U] = 0U; + lit.value[1367U] = 0U; + lit.value[1368U] = 0U; + lit.value[1369U] = 0U; + lit.value[1370U] = 0U; + lit.value[1371U] = 0U; + lit.value[1372U] = 0U; + lit.value[1373U] = 0U; + lit.value[1374U] = 0U; + lit.value[1375U] = 0U; + lit.value[1376U] = 0U; + lit.value[1377U] = 0U; + lit.value[1378U] = 0U; + lit.value[1379U] = 0U; + lit.value[1380U] = 0U; + lit.value[1381U] = 0U; + lit.value[1382U] = 0U; + lit.value[1383U] = 0U; + lit.value[1384U] = 0U; + lit.value[1385U] = 0U; + lit.value[1386U] = 0U; + lit.value[1387U] = 0U; + lit.value[1388U] = 0U; + lit.value[1389U] = 0U; + lit.value[1390U] = 0U; + lit.value[1391U] = 0U; + lit.value[1392U] = 0U; + lit.value[1393U] = 0U; + lit.value[1394U] = 0U; + lit.value[1395U] = 0U; + lit.value[1396U] = 0U; + lit.value[1397U] = 0U; + lit.value[1398U] = 0U; + lit.value[1399U] = 0U; + lit.value[1400U] = 0U; + lit.value[1401U] = 0U; + lit.value[1402U] = 0U; + lit.value[1403U] = 0U; + lit.value[1404U] = 0U; + lit.value[1405U] = 0U; + lit.value[1406U] = 0U; + lit.value[1407U] = 0U; + lit.value[1408U] = 0U; + lit.value[1409U] = 0U; + lit.value[1410U] = 0U; + lit.value[1411U] = 0U; + lit.value[1412U] = 0U; + lit.value[1413U] = 0U; + lit.value[1414U] = 0U; + lit.value[1415U] = 0U; + lit.value[1416U] = 0U; + lit.value[1417U] = 0U; + lit.value[1418U] = 0U; + lit.value[1419U] = 0U; + lit.value[1420U] = 0U; + lit.value[1421U] = 0U; + lit.value[1422U] = 0U; + lit.value[1423U] = 0U; + lit.value[1424U] = 0U; + lit.value[1425U] = 0U; + lit.value[1426U] = 0U; + lit.value[1427U] = 0U; + lit.value[1428U] = 0U; + lit.value[1429U] = 0U; + lit.value[1430U] = 0U; + lit.value[1431U] = 0U; + lit.value[1432U] = 0U; + lit.value[1433U] = 0U; + lit.value[1434U] = 0U; + lit.value[1435U] = 0U; + lit.value[1436U] = 0U; + lit.value[1437U] = 0U; + lit.value[1438U] = 0U; + lit.value[1439U] = 0U; + lit.value[1440U] = 0U; + lit.value[1441U] = 0U; + lit.value[1442U] = 0U; + lit.value[1443U] = 0U; + lit.value[1444U] = 0U; + lit.value[1445U] = 0U; + lit.value[1446U] = 0U; + lit.value[1447U] = 0U; + lit.value[1448U] = 0U; + lit.value[1449U] = 0U; + lit.value[1450U] = 0U; + lit.value[1451U] = 0U; + lit.value[1452U] = 0U; + lit.value[1453U] = 0U; + lit.value[1454U] = 0U; + lit.value[1455U] = 0U; + lit.value[1456U] = 0U; + lit.value[1457U] = 0U; + lit.value[1458U] = 0U; + lit.value[1459U] = 0U; + lit.value[1460U] = 0U; + lit.value[1461U] = 0U; + lit.value[1462U] = 0U; + lit.value[1463U] = 0U; + lit.value[1464U] = 0U; + lit.value[1465U] = 0U; + lit.value[1466U] = 0U; + lit.value[1467U] = 0U; + lit.value[1468U] = 0U; + lit.value[1469U] = 0U; + lit.value[1470U] = 0U; + lit.value[1471U] = 0U; + lit.value[1472U] = 0U; + lit.value[1473U] = 0U; + lit.value[1474U] = 0U; + lit.value[1475U] = 0U; + lit.value[1476U] = 0U; + lit.value[1477U] = 0U; + lit.value[1478U] = 0U; + lit.value[1479U] = 0U; + lit.value[1480U] = 0U; + lit.value[1481U] = 0U; + lit.value[1482U] = 0U; + lit.value[1483U] = 0U; + lit.value[1484U] = 0U; + lit.value[1485U] = 0U; + lit.value[1486U] = 0U; + lit.value[1487U] = 0U; + lit.value[1488U] = 0U; + lit.value[1489U] = 0U; + lit.value[1490U] = 0U; + lit.value[1491U] = 0U; + lit.value[1492U] = 0U; + lit.value[1493U] = 0U; + lit.value[1494U] = 0U; + lit.value[1495U] = 0U; + lit.value[1496U] = 0U; + lit.value[1497U] = 0U; + lit.value[1498U] = 0U; + lit.value[1499U] = 0U; + lit.value[1500U] = 0U; + lit.value[1501U] = 0U; + lit.value[1502U] = 0U; + lit.value[1503U] = 0U; + lit.value[1504U] = 0U; + lit.value[1505U] = 0U; + lit.value[1506U] = 0U; + lit.value[1507U] = 0U; + lit.value[1508U] = 0U; + lit.value[1509U] = 0U; + lit.value[1510U] = 0U; + lit.value[1511U] = 0U; + lit.value[1512U] = 0U; + lit.value[1513U] = 0U; + lit.value[1514U] = 0U; + lit.value[1515U] = 0U; + lit.value[1516U] = 0U; + lit.value[1517U] = 0U; + lit.value[1518U] = 0U; + lit.value[1519U] = 0U; + lit.value[1520U] = 0U; + lit.value[1521U] = 0U; + lit.value[1522U] = 0U; + lit.value[1523U] = 0U; + lit.value[1524U] = 0U; + lit.value[1525U] = 0U; + lit.value[1526U] = 0U; + lit.value[1527U] = 0U; + lit.value[1528U] = 0U; + lit.value[1529U] = 0U; + lit.value[1530U] = 0U; + lit.value[1531U] = 0U; + lit.value[1532U] = 0U; + lit.value[1533U] = 0U; + lit.value[1534U] = 0U; + lit.value[1535U] = 0U; + lit.value[1536U] = 0U; + lit.value[1537U] = 0U; + lit.value[1538U] = 0U; + lit.value[1539U] = 0U; + lit.value[1540U] = 0U; + lit.value[1541U] = 0U; + lit.value[1542U] = 0U; + lit.value[1543U] = 0U; + lit.value[1544U] = 0U; + lit.value[1545U] = 0U; + lit.value[1546U] = 0U; + lit.value[1547U] = 0U; + lit.value[1548U] = 0U; + lit.value[1549U] = 0U; + lit.value[1550U] = 0U; + lit.value[1551U] = 0U; + lit.value[1552U] = 0U; + lit.value[1553U] = 0U; + lit.value[1554U] = 0U; + lit.value[1555U] = 0U; + lit.value[1556U] = 0U; + lit.value[1557U] = 0U; + lit.value[1558U] = 0U; + lit.value[1559U] = 0U; + lit.value[1560U] = 0U; + lit.value[1561U] = 0U; + lit.value[1562U] = 0U; + lit.value[1563U] = 0U; + lit.value[1564U] = 0U; + lit.value[1565U] = 0U; + lit.value[1566U] = 0U; + lit.value[1567U] = 0U; + lit.value[1568U] = 0U; + lit.value[1569U] = 0U; + lit.value[1570U] = 0U; + lit.value[1571U] = 0U; + lit.value[1572U] = 0U; + lit.value[1573U] = 0U; + lit.value[1574U] = 0U; + lit.value[1575U] = 0U; + lit.value[1576U] = 0U; + lit.value[1577U] = 0U; + lit.value[1578U] = 0U; + lit.value[1579U] = 0U; + lit.value[1580U] = 0U; + lit.value[1581U] = 0U; + lit.value[1582U] = 0U; + lit.value[1583U] = 0U; + lit.value[1584U] = 0U; + lit.value[1585U] = 0U; + lit.value[1586U] = 0U; + lit.value[1587U] = 0U; + lit.value[1588U] = 0U; + lit.value[1589U] = 0U; + lit.value[1590U] = 0U; + lit.value[1591U] = 0U; + lit.value[1592U] = 0U; + lit.value[1593U] = 0U; + lit.value[1594U] = 0U; + lit.value[1595U] = 0U; + lit.value[1596U] = 0U; + lit.value[1597U] = 0U; + lit.value[1598U] = 0U; + lit.value[1599U] = 0U; + lit.value[1600U] = 0U; + lit.value[1601U] = 0U; + lit.value[1602U] = 0U; + lit.value[1603U] = 0U; + lit.value[1604U] = 0U; + lit.value[1605U] = 0U; + lit.value[1606U] = 0U; + lit.value[1607U] = 0U; + lit.value[1608U] = 0U; + lit.value[1609U] = 0U; + lit.value[1610U] = 0U; + lit.value[1611U] = 0U; + lit.value[1612U] = 0U; + lit.value[1613U] = 0U; + lit.value[1614U] = 0U; + lit.value[1615U] = 0U; + lit.value[1616U] = 0U; + lit.value[1617U] = 0U; + lit.value[1618U] = 0U; + lit.value[1619U] = 0U; + lit.value[1620U] = 0U; + lit.value[1621U] = 0U; + lit.value[1622U] = 0U; + lit.value[1623U] = 0U; + lit.value[1624U] = 0U; + lit.value[1625U] = 0U; + lit.value[1626U] = 0U; + lit.value[1627U] = 0U; + lit.value[1628U] = 0U; + lit.value[1629U] = 0U; + lit.value[1630U] = 0U; + lit.value[1631U] = 0U; + lit.value[1632U] = 0U; + lit.value[1633U] = 0U; + lit.value[1634U] = 0U; + lit.value[1635U] = 0U; + lit.value[1636U] = 0U; + lit.value[1637U] = 0U; + lit.value[1638U] = 0U; + lit.value[1639U] = 0U; + lit.value[1640U] = 0U; + lit.value[1641U] = 0U; + lit.value[1642U] = 0U; + lit.value[1643U] = 0U; + lit.value[1644U] = 0U; + lit.value[1645U] = 0U; + lit.value[1646U] = 0U; + lit.value[1647U] = 0U; + lit.value[1648U] = 0U; + lit.value[1649U] = 0U; + lit.value[1650U] = 0U; + lit.value[1651U] = 0U; + lit.value[1652U] = 0U; + lit.value[1653U] = 0U; + lit.value[1654U] = 0U; + lit.value[1655U] = 0U; + lit.value[1656U] = 0U; + lit.value[1657U] = 0U; + lit.value[1658U] = 0U; + lit.value[1659U] = 0U; + lit.value[1660U] = 0U; + lit.value[1661U] = 0U; + lit.value[1662U] = 0U; + lit.value[1663U] = 0U; + lit.value[1664U] = 0U; + lit.value[1665U] = 0U; + lit.value[1666U] = 0U; + lit.value[1667U] = 0U; + lit.value[1668U] = 0U; + lit.value[1669U] = 0U; + lit.value[1670U] = 0U; + lit.value[1671U] = 0U; + lit.value[1672U] = 0U; + lit.value[1673U] = 0U; + lit.value[1674U] = 0U; + lit.value[1675U] = 0U; + lit.value[1676U] = 0U; + lit.value[1677U] = 0U; + lit.value[1678U] = 0U; + lit.value[1679U] = 0U; + lit.value[1680U] = 0U; + lit.value[1681U] = 0U; + lit.value[1682U] = 0U; + lit.value[1683U] = 0U; + lit.value[1684U] = 0U; + lit.value[1685U] = 0U; + lit.value[1686U] = 0U; + lit.value[1687U] = 0U; + lit.value[1688U] = 0U; + lit.value[1689U] = 0U; + lit.value[1690U] = 0U; + lit.value[1691U] = 0U; + lit.value[1692U] = 0U; + lit.value[1693U] = 0U; + lit.value[1694U] = 0U; + lit.value[1695U] = 0U; + lit.value[1696U] = 0U; + lit.value[1697U] = 0U; + lit.value[1698U] = 0U; + lit.value[1699U] = 0U; + lit.value[1700U] = 0U; + lit.value[1701U] = 0U; + lit.value[1702U] = 0U; + lit.value[1703U] = 0U; + lit.value[1704U] = 0U; + lit.value[1705U] = 0U; + lit.value[1706U] = 0U; + lit.value[1707U] = 0U; + lit.value[1708U] = 0U; + lit.value[1709U] = 0U; + lit.value[1710U] = 0U; + lit.value[1711U] = 0U; + lit.value[1712U] = 0U; + lit.value[1713U] = 0U; + lit.value[1714U] = 0U; + lit.value[1715U] = 0U; + lit.value[1716U] = 0U; + lit.value[1717U] = 0U; + lit.value[1718U] = 0U; + lit.value[1719U] = 0U; + lit.value[1720U] = 0U; + lit.value[1721U] = 0U; + lit.value[1722U] = 0U; + lit.value[1723U] = 0U; + lit.value[1724U] = 0U; + lit.value[1725U] = 0U; + lit.value[1726U] = 0U; + lit.value[1727U] = 0U; + lit.value[1728U] = 0U; + lit.value[1729U] = 0U; + lit.value[1730U] = 0U; + lit.value[1731U] = 0U; + lit.value[1732U] = 0U; + lit.value[1733U] = 0U; + lit.value[1734U] = 0U; + lit.value[1735U] = 0U; + lit.value[1736U] = 0U; + lit.value[1737U] = 0U; + lit.value[1738U] = 0U; + lit.value[1739U] = 0U; + lit.value[1740U] = 0U; + lit.value[1741U] = 0U; + lit.value[1742U] = 0U; + lit.value[1743U] = 0U; + lit.value[1744U] = 0U; + lit.value[1745U] = 0U; + lit.value[1746U] = 0U; + lit.value[1747U] = 0U; + lit.value[1748U] = 0U; + lit.value[1749U] = 0U; + lit.value[1750U] = 0U; + lit.value[1751U] = 0U; + lit.value[1752U] = 0U; + lit.value[1753U] = 0U; + lit.value[1754U] = 0U; + lit.value[1755U] = 0U; + lit.value[1756U] = 0U; + lit.value[1757U] = 0U; + lit.value[1758U] = 0U; + lit.value[1759U] = 0U; + lit.value[1760U] = 0U; + lit.value[1761U] = 0U; + lit.value[1762U] = 0U; + lit.value[1763U] = 0U; + lit.value[1764U] = 0U; + lit.value[1765U] = 0U; + lit.value[1766U] = 0U; + lit.value[1767U] = 0U; + lit.value[1768U] = 0U; + lit.value[1769U] = 0U; + lit.value[1770U] = 0U; + lit.value[1771U] = 0U; + lit.value[1772U] = 0U; + lit.value[1773U] = 0U; + lit.value[1774U] = 0U; + lit.value[1775U] = 0U; + lit.value[1776U] = 0U; + lit.value[1777U] = 0U; + lit.value[1778U] = 0U; + lit.value[1779U] = 0U; + lit.value[1780U] = 0U; + lit.value[1781U] = 0U; + lit.value[1782U] = 0U; + lit.value[1783U] = 0U; + lit.value[1784U] = 0U; + lit.value[1785U] = 0U; + lit.value[1786U] = 0U; + lit.value[1787U] = 0U; + lit.value[1788U] = 0U; + lit.value[1789U] = 0U; + lit.value[1790U] = 0U; + lit.value[1791U] = 0U; + lit.value[1792U] = 0U; + lit.value[1793U] = 0U; + lit.value[1794U] = 0U; + lit.value[1795U] = 0U; + lit.value[1796U] = 0U; + lit.value[1797U] = 0U; + lit.value[1798U] = 0U; + lit.value[1799U] = 0U; + lit.value[1800U] = 0U; + lit.value[1801U] = 0U; + lit.value[1802U] = 0U; + lit.value[1803U] = 0U; + lit.value[1804U] = 0U; + lit.value[1805U] = 0U; + lit.value[1806U] = 0U; + lit.value[1807U] = 0U; + lit.value[1808U] = 0U; + lit.value[1809U] = 0U; + lit.value[1810U] = 0U; + lit.value[1811U] = 0U; + lit.value[1812U] = 0U; + lit.value[1813U] = 0U; + lit.value[1814U] = 0U; + lit.value[1815U] = 0U; + lit.value[1816U] = 0U; + lit.value[1817U] = 0U; + lit.value[1818U] = 0U; + lit.value[1819U] = 0U; + lit.value[1820U] = 0U; + lit.value[1821U] = 0U; + lit.value[1822U] = 0U; + lit.value[1823U] = 0U; + lit.value[1824U] = 0U; + lit.value[1825U] = 0U; + lit.value[1826U] = 0U; + lit.value[1827U] = 0U; + lit.value[1828U] = 0U; + lit.value[1829U] = 0U; + lit.value[1830U] = 0U; + lit.value[1831U] = 0U; + lit.value[1832U] = 0U; + lit.value[1833U] = 0U; + lit.value[1834U] = 0U; + lit.value[1835U] = 0U; + lit.value[1836U] = 0U; + lit.value[1837U] = 0U; + lit.value[1838U] = 0U; + lit.value[1839U] = 0U; + lit.value[1840U] = 0U; + lit.value[1841U] = 0U; + lit.value[1842U] = 0U; + lit.value[1843U] = 0U; + lit.value[1844U] = 0U; + lit.value[1845U] = 0U; + lit.value[1846U] = 0U; + lit.value[1847U] = 0U; + lit.value[1848U] = 0U; + lit.value[1849U] = 0U; + lit.value[1850U] = 0U; + lit.value[1851U] = 0U; + lit.value[1852U] = 0U; + lit.value[1853U] = 0U; + lit.value[1854U] = 0U; + lit.value[1855U] = 0U; + lit.value[1856U] = 0U; + lit.value[1857U] = 0U; + lit.value[1858U] = 0U; + lit.value[1859U] = 0U; + lit.value[1860U] = 0U; + lit.value[1861U] = 0U; + lit.value[1862U] = 0U; + lit.value[1863U] = 0U; + lit.value[1864U] = 0U; + lit.value[1865U] = 0U; + lit.value[1866U] = 0U; + lit.value[1867U] = 0U; + lit.value[1868U] = 0U; + lit.value[1869U] = 0U; + lit.value[1870U] = 0U; + lit.value[1871U] = 0U; + lit.value[1872U] = 0U; + lit.value[1873U] = 0U; + lit.value[1874U] = 0U; + lit.value[1875U] = 0U; + lit.value[1876U] = 0U; + lit.value[1877U] = 0U; + lit.value[1878U] = 0U; + lit.value[1879U] = 0U; + lit.value[1880U] = 0U; + lit.value[1881U] = 0U; + lit.value[1882U] = 0U; + lit.value[1883U] = 0U; + lit.value[1884U] = 0U; + lit.value[1885U] = 0U; + lit.value[1886U] = 0U; + lit.value[1887U] = 0U; + lit.value[1888U] = 0U; + lit.value[1889U] = 0U; + lit.value[1890U] = 0U; + lit.value[1891U] = 0U; + lit.value[1892U] = 0U; + lit.value[1893U] = 0U; + lit.value[1894U] = 0U; + lit.value[1895U] = 0U; + lit.value[1896U] = 0U; + lit.value[1897U] = 0U; + lit.value[1898U] = 0U; + lit.value[1899U] = 0U; + lit.value[1900U] = 0U; + lit.value[1901U] = 0U; + lit.value[1902U] = 0U; + lit.value[1903U] = 0U; + lit.value[1904U] = 0U; + lit.value[1905U] = 0U; + lit.value[1906U] = 0U; + lit.value[1907U] = 0U; + lit.value[1908U] = 0U; + lit.value[1909U] = 0U; + lit.value[1910U] = 0U; + lit.value[1911U] = 0U; + lit.value[1912U] = 0U; + lit.value[1913U] = 0U; + lit.value[1914U] = 0U; + lit.value[1915U] = 0U; + lit.value[1916U] = 0U; + lit.value[1917U] = 0U; + lit.value[1918U] = 0U; + lit.value[1919U] = 0U; + lit.value[1920U] = 0U; + lit.value[1921U] = 0U; + lit.value[1922U] = 0U; + lit.value[1923U] = 0U; + lit.value[1924U] = 0U; + lit.value[1925U] = 0U; + lit.value[1926U] = 0U; + lit.value[1927U] = 0U; + lit.value[1928U] = 0U; + lit.value[1929U] = 0U; + lit.value[1930U] = 0U; + lit.value[1931U] = 0U; + lit.value[1932U] = 0U; + lit.value[1933U] = 0U; + lit.value[1934U] = 0U; + lit.value[1935U] = 0U; + lit.value[1936U] = 0U; + lit.value[1937U] = 0U; + lit.value[1938U] = 0U; + lit.value[1939U] = 0U; + lit.value[1940U] = 0U; + lit.value[1941U] = 0U; + lit.value[1942U] = 0U; + lit.value[1943U] = 0U; + lit.value[1944U] = 0U; + lit.value[1945U] = 0U; + lit.value[1946U] = 0U; + lit.value[1947U] = 0U; + lit.value[1948U] = 0U; + lit.value[1949U] = 0U; + lit.value[1950U] = 0U; + lit.value[1951U] = 0U; + lit.value[1952U] = 0U; + lit.value[1953U] = 0U; + lit.value[1954U] = 0U; + lit.value[1955U] = 0U; + lit.value[1956U] = 0U; + lit.value[1957U] = 0U; + lit.value[1958U] = 0U; + lit.value[1959U] = 0U; + lit.value[1960U] = 0U; + lit.value[1961U] = 0U; + lit.value[1962U] = 0U; + lit.value[1963U] = 0U; + lit.value[1964U] = 0U; + lit.value[1965U] = 0U; + lit.value[1966U] = 0U; + lit.value[1967U] = 0U; + lit.value[1968U] = 0U; + lit.value[1969U] = 0U; + lit.value[1970U] = 0U; + lit.value[1971U] = 0U; + lit.value[1972U] = 0U; + lit.value[1973U] = 0U; + lit.value[1974U] = 0U; + lit.value[1975U] = 0U; + lit.value[1976U] = 0U; + lit.value[1977U] = 0U; + lit.value[1978U] = 0U; + lit.value[1979U] = 0U; + lit.value[1980U] = 0U; + lit.value[1981U] = 0U; + lit.value[1982U] = 0U; + lit.value[1983U] = 0U; + lit.value[1984U] = 0U; + lit.value[1985U] = 0U; + lit.value[1986U] = 0U; + lit.value[1987U] = 0U; + lit.value[1988U] = 0U; + lit.value[1989U] = 0U; + lit.value[1990U] = 0U; + lit.value[1991U] = 0U; + lit.value[1992U] = 0U; + lit.value[1993U] = 0U; + lit.value[1994U] = 0U; + lit.value[1995U] = 0U; + lit.value[1996U] = 0U; + lit.value[1997U] = 0U; + lit.value[1998U] = 0U; + lit.value[1999U] = 0U; + lit.value[2000U] = 0U; + lit.value[2001U] = 0U; + lit.value[2002U] = 0U; + lit.value[2003U] = 0U; + lit.value[2004U] = 0U; + lit.value[2005U] = 0U; + lit.value[2006U] = 0U; + lit.value[2007U] = 0U; + lit.value[2008U] = 0U; + lit.value[2009U] = 0U; + lit.value[2010U] = 0U; + lit.value[2011U] = 0U; + lit.value[2012U] = 0U; + lit.value[2013U] = 0U; + lit.value[2014U] = 0U; + lit.value[2015U] = 0U; + lit.value[2016U] = 0U; + lit.value[2017U] = 0U; + lit.value[2018U] = 0U; + lit.value[2019U] = 0U; + lit.value[2020U] = 0U; + lit.value[2021U] = 0U; + lit.value[2022U] = 0U; + lit.value[2023U] = 0U; + lit.value[2024U] = 0U; + lit.value[2025U] = 0U; + lit.value[2026U] = 0U; + lit.value[2027U] = 0U; + lit.value[2028U] = 0U; + lit.value[2029U] = 0U; + lit.value[2030U] = 0U; + lit.value[2031U] = 0U; + lit.value[2032U] = 0U; + lit.value[2033U] = 0U; + lit.value[2034U] = 0U; + lit.value[2035U] = 0U; + lit.value[2036U] = 0U; + lit.value[2037U] = 0U; + lit.value[2038U] = 0U; + lit.value[2039U] = 0U; + lit.value[2040U] = 0U; + lit.value[2041U] = 0U; + lit.value[2042U] = 0U; + lit.value[2043U] = 0U; + lit.value[2044U] = 0U; + lit.value[2045U] = 0U; + lit.value[2046U] = 0U; + lit.value[2047U] = 0U; + lit.value[2048U] = 0U; + lit.value[2049U] = 0U; + lit.value[2050U] = 0U; + lit.value[2051U] = 0U; + lit.value[2052U] = 0U; + lit.value[2053U] = 0U; + lit.value[2054U] = 0U; + lit.value[2055U] = 0U; + lit.value[2056U] = 0U; + lit.value[2057U] = 0U; + lit.value[2058U] = 0U; + lit.value[2059U] = 0U; + lit.value[2060U] = 0U; + lit.value[2061U] = 0U; + lit.value[2062U] = 0U; + lit.value[2063U] = 0U; + lit.value[2064U] = 0U; + lit.value[2065U] = 0U; + lit.value[2066U] = 0U; + lit.value[2067U] = 0U; + lit.value[2068U] = 0U; + lit.value[2069U] = 0U; + lit.value[2070U] = 0U; + lit.value[2071U] = 0U; + lit.value[2072U] = 0U; + lit.value[2073U] = 0U; + lit.value[2074U] = 0U; + lit.value[2075U] = 0U; + lit.value[2076U] = 0U; + lit.value[2077U] = 0U; + lit.value[2078U] = 0U; + lit.value[2079U] = 0U; + lit.value[2080U] = 0U; + lit.value[2081U] = 0U; + lit.value[2082U] = 0U; + lit.value[2083U] = 0U; + lit.value[2084U] = 0U; + lit.value[2085U] = 0U; + lit.value[2086U] = 0U; + lit.value[2087U] = 0U; + lit.value[2088U] = 0U; + lit.value[2089U] = 0U; + lit.value[2090U] = 0U; + lit.value[2091U] = 0U; + lit.value[2092U] = 0U; + lit.value[2093U] = 0U; + lit.value[2094U] = 0U; + lit.value[2095U] = 0U; + lit.value[2096U] = 0U; + lit.value[2097U] = 0U; + lit.value[2098U] = 0U; + lit.value[2099U] = 0U; + lit.value[2100U] = 0U; + lit.value[2101U] = 0U; + lit.value[2102U] = 0U; + lit.value[2103U] = 0U; + lit.value[2104U] = 0U; + lit.value[2105U] = 0U; + lit.value[2106U] = 0U; + lit.value[2107U] = 0U; + lit.value[2108U] = 0U; + lit.value[2109U] = 0U; + lit.value[2110U] = 0U; + lit.value[2111U] = 0U; + lit.value[2112U] = 0U; + lit.value[2113U] = 0U; + lit.value[2114U] = 0U; + lit.value[2115U] = 0U; + lit.value[2116U] = 0U; + lit.value[2117U] = 0U; + lit.value[2118U] = 0U; + lit.value[2119U] = 0U; + lit.value[2120U] = 0U; + lit.value[2121U] = 0U; + lit.value[2122U] = 0U; + lit.value[2123U] = 0U; + lit.value[2124U] = 0U; + lit.value[2125U] = 0U; + lit.value[2126U] = 0U; + lit.value[2127U] = 0U; + lit.value[2128U] = 0U; + lit.value[2129U] = 0U; + lit.value[2130U] = 0U; + lit.value[2131U] = 0U; + lit.value[2132U] = 0U; + lit.value[2133U] = 0U; + lit.value[2134U] = 0U; + lit.value[2135U] = 0U; + lit.value[2136U] = 0U; + lit.value[2137U] = 0U; + lit.value[2138U] = 0U; + lit.value[2139U] = 0U; + lit.value[2140U] = 0U; + lit.value[2141U] = 0U; + lit.value[2142U] = 0U; + lit.value[2143U] = 0U; + lit.value[2144U] = 0U; + lit.value[2145U] = 0U; + lit.value[2146U] = 0U; + lit.value[2147U] = 0U; + lit.value[2148U] = 0U; + lit.value[2149U] = 0U; + lit.value[2150U] = 0U; + lit.value[2151U] = 0U; + lit.value[2152U] = 0U; + lit.value[2153U] = 0U; + lit.value[2154U] = 0U; + lit.value[2155U] = 0U; + lit.value[2156U] = 0U; + lit.value[2157U] = 0U; + lit.value[2158U] = 0U; + lit.value[2159U] = 0U; + lit.value[2160U] = 0U; + lit.value[2161U] = 0U; + lit.value[2162U] = 0U; + lit.value[2163U] = 0U; + lit.value[2164U] = 0U; + lit.value[2165U] = 0U; + lit.value[2166U] = 0U; + lit.value[2167U] = 0U; + lit.value[2168U] = 0U; + lit.value[2169U] = 0U; + lit.value[2170U] = 0U; + lit.value[2171U] = 0U; + lit.value[2172U] = 0U; + lit.value[2173U] = 0U; + lit.value[2174U] = 0U; + lit.value[2175U] = 0U; + lit.value[2176U] = 0U; + lit.value[2177U] = 0U; + lit.value[2178U] = 0U; + lit.value[2179U] = 0U; + lit.value[2180U] = 0U; + lit.value[2181U] = 0U; + lit.value[2182U] = 0U; + lit.value[2183U] = 0U; + lit.value[2184U] = 0U; + lit.value[2185U] = 0U; + lit.value[2186U] = 0U; + lit.value[2187U] = 0U; + lit.value[2188U] = 0U; + lit.value[2189U] = 0U; + lit.value[2190U] = 0U; + lit.value[2191U] = 0U; + lit.value[2192U] = 0U; + lit.value[2193U] = 0U; + lit.value[2194U] = 0U; + lit.value[2195U] = 0U; + lit.value[2196U] = 0U; + lit.value[2197U] = 0U; + lit.value[2198U] = 0U; + lit.value[2199U] = 0U; + lit.value[2200U] = 0U; + lit.value[2201U] = 0U; + lit.value[2202U] = 0U; + lit.value[2203U] = 0U; + lit.value[2204U] = 0U; + lit.value[2205U] = 0U; + lit.value[2206U] = 0U; + lit.value[2207U] = 0U; + lit.value[2208U] = 0U; + lit.value[2209U] = 0U; + lit.value[2210U] = 0U; + lit.value[2211U] = 0U; + lit.value[2212U] = 0U; + lit.value[2213U] = 0U; + lit.value[2214U] = 0U; + lit.value[2215U] = 0U; + lit.value[2216U] = 0U; + lit.value[2217U] = 0U; + lit.value[2218U] = 0U; + lit.value[2219U] = 0U; + lit.value[2220U] = 0U; + lit.value[2221U] = 0U; + lit.value[2222U] = 0U; + lit.value[2223U] = 0U; + lit.value[2224U] = 0U; + lit.value[2225U] = 0U; + lit.value[2226U] = 0U; + lit.value[2227U] = 0U; + lit.value[2228U] = 0U; + lit.value[2229U] = 0U; + lit.value[2230U] = 0U; + lit.value[2231U] = 0U; + lit.value[2232U] = 0U; + lit.value[2233U] = 0U; + lit.value[2234U] = 0U; + lit.value[2235U] = 0U; + lit.value[2236U] = 0U; + lit.value[2237U] = 0U; + lit.value[2238U] = 0U; + lit.value[2239U] = 0U; + lit.value[2240U] = 0U; + lit.value[2241U] = 0U; + lit.value[2242U] = 0U; + lit.value[2243U] = 0U; + lit.value[2244U] = 0U; + lit.value[2245U] = 0U; + lit.value[2246U] = 0U; + lit.value[2247U] = 0U; + lit.value[2248U] = 0U; + lit.value[2249U] = 0U; + lit.value[2250U] = 0U; + lit.value[2251U] = 0U; + lit.value[2252U] = 0U; + lit.value[2253U] = 0U; + lit.value[2254U] = 0U; + lit.value[2255U] = 0U; + lit.value[2256U] = 0U; + lit.value[2257U] = 0U; + lit.value[2258U] = 0U; + lit.value[2259U] = 0U; + lit.value[2260U] = 0U; + lit.value[2261U] = 0U; + lit.value[2262U] = 0U; + lit.value[2263U] = 0U; + lit.value[2264U] = 0U; + lit.value[2265U] = 0U; + lit.value[2266U] = 0U; + lit.value[2267U] = 0U; + lit.value[2268U] = 0U; + lit.value[2269U] = 0U; + lit.value[2270U] = 0U; + lit.value[2271U] = 0U; + lit.value[2272U] = 0U; + lit.value[2273U] = 0U; + lit.value[2274U] = 0U; + lit.value[2275U] = 0U; + lit.value[2276U] = 0U; + lit.value[2277U] = 0U; + lit.value[2278U] = 0U; + lit.value[2279U] = 0U; + lit.value[2280U] = 0U; + lit.value[2281U] = 0U; + lit.value[2282U] = 0U; + lit.value[2283U] = 0U; + lit.value[2284U] = 0U; + lit.value[2285U] = 0U; + lit.value[2286U] = 0U; + lit.value[2287U] = 0U; + lit.value[2288U] = 0U; + lit.value[2289U] = 0U; + lit.value[2290U] = 0U; + lit.value[2291U] = 0U; + lit.value[2292U] = 0U; + lit.value[2293U] = 0U; + lit.value[2294U] = 0U; + lit.value[2295U] = 0U; + lit.value[2296U] = 0U; + lit.value[2297U] = 0U; + lit.value[2298U] = 0U; + lit.value[2299U] = 0U; + lit.value[2300U] = 0U; + lit.value[2301U] = 0U; + lit.value[2302U] = 0U; + lit.value[2303U] = 0U; + lit.value[2304U] = 0U; + lit.value[2305U] = 0U; + lit.value[2306U] = 0U; + lit.value[2307U] = 0U; + lit.value[2308U] = 0U; + lit.value[2309U] = 0U; + lit.value[2310U] = 0U; + lit.value[2311U] = 0U; + lit.value[2312U] = 0U; + lit.value[2313U] = 0U; + lit.value[2314U] = 0U; + lit.value[2315U] = 0U; + lit.value[2316U] = 0U; + lit.value[2317U] = 0U; + lit.value[2318U] = 0U; + lit.value[2319U] = 0U; + lit.value[2320U] = 0U; + lit.value[2321U] = 0U; + lit.value[2322U] = 0U; + lit.value[2323U] = 0U; + lit.value[2324U] = 0U; + lit.value[2325U] = 0U; + lit.value[2326U] = 0U; + lit.value[2327U] = 0U; + lit.value[2328U] = 0U; + lit.value[2329U] = 0U; + lit.value[2330U] = 0U; + lit.value[2331U] = 0U; + lit.value[2332U] = 0U; + lit.value[2333U] = 0U; + lit.value[2334U] = 0U; + lit.value[2335U] = 0U; + lit.value[2336U] = 0U; + lit.value[2337U] = 0U; + lit.value[2338U] = 0U; + lit.value[2339U] = 0U; + lit.value[2340U] = 0U; + lit.value[2341U] = 0U; + lit.value[2342U] = 0U; + lit.value[2343U] = 0U; + lit.value[2344U] = 0U; + lit.value[2345U] = 0U; + lit.value[2346U] = 0U; + lit.value[2347U] = 0U; + lit.value[2348U] = 0U; + lit.value[2349U] = 0U; + lit.value[2350U] = 0U; + lit.value[2351U] = 0U; + lit.value[2352U] = 0U; + lit.value[2353U] = 0U; + lit.value[2354U] = 0U; + lit.value[2355U] = 0U; + lit.value[2356U] = 0U; + lit.value[2357U] = 0U; + lit.value[2358U] = 0U; + lit.value[2359U] = 0U; + lit.value[2360U] = 0U; + lit.value[2361U] = 0U; + lit.value[2362U] = 0U; + lit.value[2363U] = 0U; + lit.value[2364U] = 0U; + lit.value[2365U] = 0U; + lit.value[2366U] = 0U; + lit.value[2367U] = 0U; + lit.value[2368U] = 0U; + lit.value[2369U] = 0U; + lit.value[2370U] = 0U; + lit.value[2371U] = 0U; + lit.value[2372U] = 0U; + lit.value[2373U] = 0U; + lit.value[2374U] = 0U; + lit.value[2375U] = 0U; + lit.value[2376U] = 0U; + lit.value[2377U] = 0U; + lit.value[2378U] = 0U; + lit.value[2379U] = 0U; + lit.value[2380U] = 0U; + lit.value[2381U] = 0U; + lit.value[2382U] = 0U; + lit.value[2383U] = 0U; + lit.value[2384U] = 0U; + lit.value[2385U] = 0U; + lit.value[2386U] = 0U; + lit.value[2387U] = 0U; + lit.value[2388U] = 0U; + lit.value[2389U] = 0U; + lit.value[2390U] = 0U; + lit.value[2391U] = 0U; + lit.value[2392U] = 0U; + lit.value[2393U] = 0U; + lit.value[2394U] = 0U; + lit.value[2395U] = 0U; + lit.value[2396U] = 0U; + lit.value[2397U] = 0U; + lit.value[2398U] = 0U; + lit.value[2399U] = 0U; + return lit; +} + typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; @@ -257,15 +2681,6 @@ libcrux_ml_kem_types_from_40_d0(uint8_t value[1184U]) { return lit; } -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $2400size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s { - uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey_d9; - typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPrivateKey_d9 sk; libcrux_ml_kem_types_MlKemPublicKey_30 pk; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 6c6feaf4c..aa4b0922f 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index ecbf914f8..26a084d4a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_mlkem768_avx2_H @@ -6966,7 +6966,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c6( Generate ML-KEM 768 Key Pair in "unpacked" form. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { /* Passing arrays by value in Rust generates a copy in C */ @@ -7082,6 +7082,22 @@ static KRML_MUSTINLINE .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_ab()}); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( + uint8_t randomness[64U]) { + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = + libcrux_ml_kem_ind_cca_unpacked_default_07_ab(); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(uu____0, + &key_pair); + return key_pair; +} + /** Create a new, empty unpacked key. */ @@ -7142,15 +7158,115 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_2f( /** Get the serialized private key. */ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_de with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +*/ KRML_ATTRIBUTE_TARGET("avx2") -static inline void +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPrivateKey_d9 +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_de_2f( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk = + libcrux_ml_kem_types_default_9e_28(); + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_2f(self, &sk); + return sk; +} + +/** + Get the serialized private key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_private_key( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_de_2f(key_pair); +} + +/** + Get the serialized private key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_private_key_mut( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_2f(key_pair, serialized); } +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_dd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_ind_cca_unpacked_serialized_dd_ed( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self) { + uint8_t ret[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_ed( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + ret); + return libcrux_ml_kem_types_from_40_d0(ret); +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_de with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_de_ed( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_dd_ed(&self->public_key); +} + +/** + Get the serialized public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_de_ed(key_pair); +} + /** Get the serialized public key. */ @@ -7209,7 +7325,7 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_ed( */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( +libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key_mut( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_ed(key_pair, diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index b6959e0ba..52737dadb 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 649fb4071..acaa8a3b9 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_mlkem768_portable_H @@ -7365,7 +7365,8 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c6( /** Generate ML-KEM 768 Key Pair in "unpacked" form. */ -static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair) { @@ -7480,6 +7481,21 @@ static KRML_MUSTINLINE .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_1b()}); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( + uint8_t randomness[64U]) { + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = + libcrux_ml_kem_ind_cca_unpacked_default_07_1b(); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(uu____0, + &key_pair); + return key_pair; +} + /** Create a new, empty unpacked key. */ @@ -7537,14 +7553,111 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_42( /** Get the serialized private key. */ -static inline void +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_de with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPrivateKey_d9 +libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_de_42( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk = + libcrux_ml_kem_types_default_9e_28(); + libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_42(self, &sk); + return sk; +} + +/** + Get the serialized private key. +*/ +static inline libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_de_42(key_pair); +} + +/** + Get the serialized private key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key_mut( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) { libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_de_42(key_pair, serialized); } +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_dd +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_ind_cca_unpacked_serialized_dd_6c( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { + uint8_t ret[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_6c( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + ret); + return libcrux_ml_kem_types_from_40_d0(ret); +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_de with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_de_6c( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_dd_6c(&self->public_key); +} + +/** + Get the serialized public key. +*/ +static inline libcrux_ml_kem_types_MlKemPublicKey_30 +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_de_6c(key_pair); +} + /** Get the serialized public key. */ @@ -7600,7 +7713,7 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6c( Get the serialized public key. */ static inline void -libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key_mut( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) { libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6c(key_pair, diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 8ae539d0b..1b929c571 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 391020429..811a9b876 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index dd83a693a..3b958816e 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 75e282cbd9d989f980f36a2a321327b706233efa + * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 789ce2081..1b8b88d9f 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -385,11 +385,15 @@ pub(crate) mod unpacked { >( &self, ) -> MlKemPublicKey { - serialize_public_key::( + MlKemPublicKey::from(serialize_public_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + Vector, + >( &self.ind_cpa_public_key.t_as_ntt, &self.ind_cpa_public_key.seed_for_A, - ) - .into() + )) } } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 193f08ed9..6b02c8382 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -254,10 +254,25 @@ macro_rules! instantiate { } /// Get the serialized private key. - pub fn key_pair_serialized_private_key(key_pair: &MlKem1024KeyPairUnpacked, serialized : &mut MlKem1024PrivateKey) { + pub fn key_pair_serialized_private_key(key_pair: &MlKem1024KeyPairUnpacked) -> MlKem1024PrivateKey { + key_pair.serialized_private_key::() + } + + /// Get the serialized private key. + pub fn key_pair_serialized_private_key_mut(key_pair: &MlKem1024KeyPairUnpacked, serialized : &mut MlKem1024PrivateKey) { key_pair.serialized_private_key_mut::(serialized); } + /// Get the serialized public key. + pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem1024KeyPairUnpacked, serialized: &mut MlKem1024PublicKey) { + key_pair.serialized_public_key_mut::(serialized); + } + + /// Get the serialized public key. + pub fn key_pair_serialized_public_key(key_pair: &MlKem1024KeyPairUnpacked) ->MlKem1024PublicKey { + key_pair.serialized_public_key::() + } + /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem1024PublicKey, @@ -271,8 +286,17 @@ macro_rules! instantiate { >(public_key, unpacked_public_key) } - /// Generate ML-KEM 1024 Key Pair in "unpacked" form + /// Generate ML-KEM 1024 Key Pair in "unpacked" form. pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE] + ) -> MlKem1024KeyPairUnpacked { + let mut key_pair = MlKem1024KeyPairUnpacked::default(); + generate_key_pair_mut(randomness, &mut key_pair); + key_pair + } + + /// Generate ML-KEM 1024 Key Pair in "unpacked" form + pub fn generate_key_pair_mut( randomness: [u8; KEY_GENERATION_SEED_SIZE], key_pair: &mut MlKem1024KeyPairUnpacked, ) { diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index f9777825c..1a1213d02 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -251,10 +251,25 @@ macro_rules! instantiate { } /// Get the serialized private key. - pub fn key_pair_serialized_private_key(key_pair: &MlKem512KeyPairUnpacked, serialized : &mut MlKem512PrivateKey) { + pub fn key_pair_serialized_private_key(key_pair: &MlKem512KeyPairUnpacked) -> MlKem512PrivateKey { + key_pair.serialized_private_key::() + } + + /// Get the serialized private key. + pub fn key_pair_serialized_private_key_mut(key_pair: &MlKem512KeyPairUnpacked, serialized : &mut MlKem512PrivateKey) { key_pair.serialized_private_key_mut::(serialized); } + /// Get the serialized public key. + pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem512KeyPairUnpacked, serialized: &mut MlKem512PublicKey) { + key_pair.serialized_public_key_mut::(serialized); + } + + /// Get the serialized public key. + pub fn key_pair_serialized_public_key(key_pair: &MlKem512KeyPairUnpacked) ->MlKem512PublicKey { + key_pair.serialized_public_key::() + } + /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem512PublicKey, @@ -268,8 +283,17 @@ macro_rules! instantiate { >(public_key, unpacked_public_key) } - /// Generate ML-KEM 512 Key Pair in "unpacked" form + /// Generate ML-KEM 512 Key Pair in "unpacked" form. pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE] + ) -> MlKem512KeyPairUnpacked { + let mut key_pair = MlKem512KeyPairUnpacked::default(); + generate_key_pair_mut(randomness, &mut key_pair); + key_pair + } + + /// Generate ML-KEM 512 Key Pair in "unpacked" form + pub fn generate_key_pair_mut( randomness: [u8; KEY_GENERATION_SEED_SIZE], key_pair: &mut MlKem512KeyPairUnpacked, ) { diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 6ebe30ece..793e2a5ce 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -247,15 +247,25 @@ macro_rules! instantiate { } /// Get the serialized private key. - pub fn key_pair_serialized_private_key(key_pair: &MlKem768KeyPairUnpacked, serialized : &mut MlKem768PrivateKey) { + pub fn key_pair_serialized_private_key(key_pair: &MlKem768KeyPairUnpacked) -> MlKem768PrivateKey { + key_pair.serialized_private_key::() + } + + /// Get the serialized private key. + pub fn key_pair_serialized_private_key_mut(key_pair: &MlKem768KeyPairUnpacked, serialized: &mut MlKem768PrivateKey) { key_pair.serialized_private_key_mut::(serialized); } /// Get the serialized public key. - pub fn key_pair_serialized_public_key(key_pair: &MlKem768KeyPairUnpacked, serialized : &mut MlKem768PublicKey) { + pub fn key_pair_serialized_public_key_mut(key_pair: &MlKem768KeyPairUnpacked, serialized: &mut MlKem768PublicKey) { key_pair.serialized_public_key_mut::(serialized); } + /// Get the serialized public key. + pub fn key_pair_serialized_public_key(key_pair: &MlKem768KeyPairUnpacked) ->MlKem768PublicKey { + key_pair.serialized_public_key::() + } + /// Get the unpacked public key. pub fn public_key(key_pair: &MlKem768KeyPairUnpacked, pk: &mut MlKem768PublicKeyUnpacked) { *pk = (*key_pair.public_key()).clone(); @@ -276,6 +286,15 @@ macro_rules! instantiate { /// Generate ML-KEM 768 Key Pair in "unpacked" form. pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE] + ) -> MlKem768KeyPairUnpacked { + let mut key_pair = MlKem768KeyPairUnpacked::default(); + generate_key_pair_mut(randomness, &mut key_pair); + key_pair + } + + /// Generate ML-KEM 768 Key Pair in "unpacked" form. + pub fn generate_key_pair_mut( randomness: [u8; KEY_GENERATION_SEED_SIZE], key_pair: &mut MlKem768KeyPairUnpacked, ) { diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index 76abc4316..9c3cdd1fd 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -46,6 +46,20 @@ macro_rules! impl_nist_known_answer_tests { #[cfg(feature = "pre-verification")] assert!(validate_public_key(key_pair.public_key())); + #[cfg(feature = "pre-verification")] + { + let unpacked_keys = unpacked::generate_key_pair(kat.key_generation_seed); + + let pk = unpacked::key_pair_serialized_public_key(&unpacked_keys); + let sk = unpacked::key_pair_serialized_private_key(&unpacked_keys); + + let public_key_hash = sha256(pk.as_slice()); + let secret_key_hash = sha256(sk.as_slice()); + + assert_eq!(public_key_hash, kat.sha3_256_hash_of_public_key, "lhs: computed public key hash, rhs: hash from kat"); + assert_eq!(secret_key_hash, kat.sha3_256_hash_of_secret_key, "lhs: computed secret key hash, rhs: hash from kat"); + } + let public_key_hash = sha256(key_pair.pk()); eprintln!("pk hash: {}", hex::encode(public_key_hash)); let secret_key_hash = sha256(key_pair.sk()); From cf8ec24295e19a56945660d211d9bd2e929ea08e Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 10 Oct 2024 18:43:10 +0000 Subject: [PATCH 05/17] unpacked key from private key --- libcrux-ml-kem/src/ind_cca.rs | 85 +++++++++++++++++++++++++++++++-- libcrux-ml-kem/src/ind_cpa.rs | 65 +++++++++++++++++-------- libcrux-ml-kem/src/mlkem1024.rs | 6 +++ libcrux-ml-kem/src/mlkem512.rs | 6 +++ libcrux-ml-kem/src/mlkem768.rs | 6 +++ libcrux-ml-kem/tests/self.rs | 16 +++---- 6 files changed, 154 insertions(+), 30 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 1b8b88d9f..0fefc40a3 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -243,9 +243,8 @@ pub(crate) fn decapsulate< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); - let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); - let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); + let (ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value) = + unpack_private_key::(private_key); let decrypted = crate::ind_cpa::decrypt::< K, @@ -296,6 +295,24 @@ pub(crate) fn decapsulate< ) } +fn unpack_private_key< + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, +>( + private_key: &MlKemPrivateKey, +) -> (&[u8], &[u8], &[u8], &[u8]) { + let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); + let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); + let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); + ( + ind_cpa_secret_key, + ind_cpa_public_key, + ind_cpa_public_key_hash, + implicit_rejection_value, + ) +} + /// Types for the unpacked API. pub(crate) mod unpacked { use core::array::from_fn; @@ -414,6 +431,52 @@ pub(crate) mod unpacked { Self::default() } + /// Take a serialized private key and generate an unpacked key pair from it. + /// + /// Note that we can't restore the seed for A. But it's not needed. + /// However, the unpacked public key in a key generated like this + /// is not fully usable. + #[inline(always)] + pub fn from_private_key< + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + >( + private_key: &MlKemPrivateKey, + ) -> Self { + let mut out = Self::default(); + let ( + ind_cpa_secret_key, + ind_cpa_public_key, + ind_cpa_public_key_hash, + implicit_rejection_value, + ) = unpack_private_key::( + private_key, + ); + out.private_key.ind_cpa_private_key.secret_as_ntt = + ind_cpa::deserialize_secret_key::(ind_cpa_secret_key); + ind_cpa::build_unpacked_public_key_mut::< + K, + T_AS_NTT_ENCODED_SIZE, + Vector, + PortableHash, + >(ind_cpa_public_key, &mut out.public_key.ind_cpa_public_key); + out.public_key + .public_key_hash + .copy_from_slice(ind_cpa_public_key_hash); + + build_unpacked_keys::< + K, + BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + Vector, + PortableHash, + >(&mut out, implicit_rejection_value); + out + } + /// Get the serialized public key. #[inline(always)] pub fn serialized_public_key_mut< @@ -535,6 +598,22 @@ pub(crate) mod unpacked { &mut out.public_key.ind_cpa_public_key, ); + build_unpacked_keys::( + out, + implicit_rejection_value, + ); + } + + fn build_unpacked_keys< + const K: usize, + const BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + Vector: Operations, + Hasher: Hash, + >( + out: &mut MlKemKeyPairUnpacked, + implicit_rejection_value: &[u8], + ) { // We need to un-transpose the A_transpose matrix provided by IND-CPA // We would like to write the following but it is not supported by Eurydice yet. // https://github.com/AeneasVerif/eurydice/issues/39 diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index f9e81a52c..a13f08bfb 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -488,8 +488,53 @@ pub(crate) fn encrypt< message: [u8; SHARED_SECRET_SIZE], randomness: &[u8], ) -> [u8; CIPHERTEXT_SIZE] { + let unpacked_public_key = + build_unpacked_public_key::(public_key); + + // After unpacking the public key we can now call the unpacked decryption. + encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_LEN, + C2_LEN, + U_COMPRESSION_FACTOR, + V_COMPRESSION_FACTOR, + BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&unpacked_public_key, message, randomness) +} + +fn build_unpacked_public_key< + const K: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + Vector: Operations, + Hasher: Hash, +>( + public_key: &[u8], +) -> IndCpaPublicKeyUnpacked { let mut unpacked_public_key = IndCpaPublicKeyUnpacked::::default(); + build_unpacked_public_key_mut::( + public_key, + &mut unpacked_public_key, + ); + unpacked_public_key +} +pub(crate) fn build_unpacked_public_key_mut< + const K: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + Vector: Operations, + Hasher: Hash, +>( + public_key: &[u8], + unpacked_public_key: &mut IndCpaPublicKeyUnpacked, +) { // tˆ := Decode_12(pk) deserialize_ring_elements_reduced::( &public_key[..T_AS_NTT_ENCODED_SIZE], @@ -508,24 +553,6 @@ pub(crate) fn encrypt< into_padded_array(seed), false, ); - - // After unpacking the public key we can now call the unpacked decryption. - encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_LEN, - C2_LEN, - U_COMPRESSION_FACTOR, - V_COMPRESSION_FACTOR, - BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, - >(&unpacked_public_key, message, randomness) } /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element @@ -554,7 +581,7 @@ fn deserialize_then_decompress_u< /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. #[inline(always)] -fn deserialize_secret_key( +pub(crate) fn deserialize_secret_key( secret_key: &[u8], ) -> [PolynomialRingElement; K] { let mut secret_as_ntt = from_fn(|_| PolynomialRingElement::::ZERO()); diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 6b02c8382..5ec6d7128 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -273,6 +273,12 @@ macro_rules! instantiate { key_pair.serialized_public_key::() } + /// Get an unpacked key from a private key. + /// Note that this is missing the seed of A, which is unrecoverable. + pub fn key_pair_from_private_mut(private_key: &MlKem1024PrivateKey, key_pair: &mut MlKem1024KeyPairUnpacked) { + *key_pair = MlKem1024KeyPairUnpacked::from_private_key::(private_key); + } + /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem1024PublicKey, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 1a1213d02..0f85681b0 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -270,6 +270,12 @@ macro_rules! instantiate { key_pair.serialized_public_key::() } + /// Get an unpacked key from a private key. + /// Note that this is missing the seed of A, which is unrecoverable. + pub fn key_pair_from_private_mut(private_key: &MlKem512PrivateKey, key_pair: &mut MlKem512KeyPairUnpacked) { + *key_pair = MlKem512KeyPairUnpacked::from_private_key::(private_key); + } + /// Get the unpacked public key. pub fn unpacked_public_key( public_key: &MlKem512PublicKey, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 793e2a5ce..82eb5ab4f 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -266,6 +266,12 @@ macro_rules! instantiate { key_pair.serialized_public_key::() } + /// Get an unpacked key from a private key. + /// Note that this is missing the seed of A, which is unrecoverable. + pub fn key_pair_from_private_mut(private_key: &MlKem768PrivateKey, key_pair: &mut MlKem768KeyPairUnpacked) { + *key_pair = MlKem768KeyPairUnpacked::from_private_key::(private_key); + } + /// Get the unpacked public key. pub fn public_key(key_pair: &MlKem768KeyPairUnpacked, pk: &mut MlKem768PublicKeyUnpacked) { *pk = (*key_pair.public_key()).clone(); diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 849451b42..b012a5c3e 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -45,18 +45,14 @@ macro_rules! impl_consistency_unpacked { let randomness = random_array(); // Generate unpacked key - let mut key_pair_unpacked = Default::default(); - p::unpacked::generate_key_pair(randomness, &mut key_pair_unpacked); + let key_pair_unpacked = p::unpacked::generate_key_pair(randomness); // Generate regular key let key_pair = p::generate_key_pair(randomness); // Ensure the two keys are the same - let mut serialized_public_key = Default::default(); - p::unpacked::serialized_public_key( - key_pair_unpacked.public_key(), - &mut serialized_public_key, - ); + let serialized_public_key = + p::unpacked::key_pair_serialized_public_key(&key_pair_unpacked); assert_eq!( key_pair.public_key().as_slice(), serialized_public_key.as_slice() @@ -70,7 +66,7 @@ macro_rules! impl_consistency_unpacked { key_pair.public_key().as_slice() ); let mut serialized_private_key = Default::default(); - p::unpacked::key_pair_serialized_private_key( + p::unpacked::key_pair_serialized_private_key_mut( &key_pair_unpacked, &mut serialized_private_key, ); @@ -79,6 +75,10 @@ macro_rules! impl_consistency_unpacked { key_pair.private_key().as_slice() ); + // Unpacked key from the serialized private key + let mut new_kp = Default::default(); + p::unpacked::key_pair_from_private_mut(&serialized_private_key, &mut new_kp); + let randomness = random_array(); let (ciphertext, shared_secret) = p::encapsulate(key_pair.public_key(), randomness); let (ciphertext_unpacked, shared_secret_unpacked) = From 4ed279ad21152e4666d0e51fdd9c751e1472e348 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 10 Oct 2024 18:51:56 +0000 Subject: [PATCH 06/17] re-extract F* --- ...m.Ind_cca.Instantiations.Avx2.Unpacked.fst | 5 +- ....Ind_cca.Instantiations.Avx2.Unpacked.fsti | 3 + ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 2 + ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 2 + ...m.Ind_cca.Instantiations.Neon.Unpacked.fst | 6 +- ....Ind_cca.Instantiations.Neon.Unpacked.fsti | 3 + ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 2 + ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 2 + ...d_cca.Instantiations.Portable.Unpacked.fst | 6 +- ..._cca.Instantiations.Portable.Unpacked.fsti | 3 + ...ml_kem.Ind_cca.Instantiations.Portable.fst | 2 + ...l_kem.Ind_cca.Instantiations.Portable.fsti | 2 + .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 494 ++++++++++++------ .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 54 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 83 ++- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 16 + .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 181 ++++--- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 39 +- ...Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 96 +++- ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 58 +- ...Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 96 +++- ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 62 ++- ...rux_ml_kem.Mlkem1024.Portable.Unpacked.fst | 96 +++- ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 62 ++- .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst | 96 +++- ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 58 +- .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst | 96 +++- ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 62 ++- ...crux_ml_kem.Mlkem512.Portable.Unpacked.fst | 96 +++- ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 62 ++- .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst | 80 ++- ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 48 +- .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst | 80 ++- ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 52 +- ...crux_ml_kem.Mlkem768.Portable.Unpacked.fst | 80 ++- ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 52 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 1 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 1 + .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 1 + .../Libcrux_ml_kem.Vector.Neon.Serialize.fsti | 1 + 40 files changed, 1958 insertions(+), 283 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst index cecdf9ad1..4fd8a27ab 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst @@ -6,8 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -80,7 +83,7 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - randomness out + #Libcrux_ml_kem.Variant.t_MlKem randomness out <: (Prims.unit & Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti index 609428969..c1e1b08b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti @@ -6,8 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 9f5044e59..a930ffd1e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index c87425a91..f920bad04 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst index 91614ab24..c36f6c826 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst @@ -6,8 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -80,7 +83,8 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness out + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem randomness + out <: (Prims.unit & Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti index e602961e3..d7d649754 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti @@ -6,8 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index b9ce4c8b5..8f4eac1ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 566639b4a..c5d48378e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst index 3d5ed41ba..1c5b7b591 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst @@ -6,8 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -80,7 +83,8 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness out + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem + randomness out <: (Prims.unit & Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti index ef16fb9d1..d32814c23 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti @@ -6,8 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 3ec3de8dc..317195665 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 5b75149d8..c01c64169 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index d06fe9daa..26bb724d7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -7,13 +7,15 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () -let impl__serialized_public_key +let impl__serialized (v_K: usize) (#v_Vector: Type0) (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -22,8 +24,8 @@ let impl__serialized_public_key Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_MlKemPublicKeyUnpacked v_K v_Vector) = - Core.Convert.f_into #(t_Array u8 v_PUBLIC_KEY_SIZE) - #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + #(t_Array u8 v_PUBLIC_KEY_SIZE) #FStar.Tactics.Typeclasses.solve (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT @@ -34,7 +36,7 @@ let impl__serialized_public_key <: t_Array u8 v_PUBLIC_KEY_SIZE) -let impl__serialized_public_key_mut +let impl__serialized_mut (v_K: usize) (#v_Vector: Type0) (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -249,17 +251,71 @@ let impl_2__public_key (self: t_MlKemKeyPairUnpacked v_K v_Vector) = self.f_public_key +let impl_2__serialized_private_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: + usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + = + let ind_cpa_private_key, ind_cpa_public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & + t_Array u8 v_PUBLIC_KEY_SIZE) = + Libcrux_ml_kem.Ind_cpa.serialize_unpacked_secret_key v_K + v_CPA_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + #v_Vector + self.f_public_key.f_ind_cpa_public_key + self.f_private_key.f_ind_cpa_private_key + in + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = + { + serialized with + Libcrux_ml_kem.Types.f_value + = + Libcrux_ml_kem.Ind_cca.serialize_kem_secret_key_mut v_K + v_PRIVATE_KEY_SIZE + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + (ind_cpa_private_key <: t_Slice u8) + (ind_cpa_public_key <: t_Slice u8) + (self.f_private_key.f_implicit_rejection_value <: t_Slice u8) + serialized.Libcrux_ml_kem.Types.f_value + } + <: + Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE + in + serialized + let impl_2__serialized_private_key (v_K: usize) (#v_Vector: Type0) + (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: + usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_MlKemKeyPairUnpacked v_K v_Vector) = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not yet implemented" - <: - Rust_primitives.Hax.t_Never) + let sk:Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = + Core.Default.f_default #(Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + #FStar.Tactics.Typeclasses.solve + () + in + let sk:Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = + impl_2__serialized_private_key_mut v_K + #v_Vector + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + self + sk + in + sk let impl_2__serialized_public_key (v_K: usize) @@ -270,11 +326,7 @@ let impl_2__serialized_public_key Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_MlKemKeyPairUnpacked v_K v_Vector) = - impl__serialized_public_key v_K - #v_Vector - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - self.f_public_key + impl__serialized v_K #v_Vector v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE self.f_public_key let impl_2__serialized_public_key_mut (v_K: usize) @@ -289,7 +341,7 @@ let impl_2__serialized_public_key_mut let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) = (), - impl__serialized_public_key_mut v_K + impl__serialized_mut v_K #v_Vector v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE @@ -310,6 +362,268 @@ let impl_2__new = Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) #FStar.Tactics.Typeclasses.solve () +let build_unpacked_keys + (v_K v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (out: t_MlKemKeyPairUnpacked v_K v_Vector) + (implicit_rejection_value: t_Slice u8) + = + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + (fun v__i -> + let v__i:usize = v__i in + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__j -> + let v__j:usize = v__j in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let _:usize = temp_1_ in + true) + v_A + (fun v_A i -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let i:usize = i in + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let _:usize = temp_1_ in + true) + v_A + (fun v_A j -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let j:usize = j in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + j + (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + #FStar.Tactics.Typeclasses.solve + ((out.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K).[ i ] + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_ind_cpa_public_key + = + { out.f_public_key.f_ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + <: + t_Slice u8) + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_public_key_hash + = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (pk_serialized <: t_Slice u8) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { + out.f_private_key with + f_implicit_rejection_value + = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + implicit_rejection_value + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + out + +let impl_2__from_private_key + (v_K: usize) + (#v_Vector: Type0) + (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + = + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice + u8 & + t_Slice u8 & + t_Slice u8 & + t_Slice u8) = + Libcrux_ml_kem.Ind_cca.unpack_private_key v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE + private_key + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { + out.f_private_key with + f_ind_cpa_private_key + = + { + out.f_private_key.f_ind_cpa_private_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + = + Libcrux_ml_kem.Ind_cpa.deserialize_secret_key v_K #v_Vector ind_cpa_secret_key + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_ind_cpa_public_key + = + Libcrux_ml_kem.Ind_cpa.build_unpacked_public_key_mut v_K + v_T_AS_NTT_ENCODED_SIZE + #v_Vector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + ind_cpa_public_key + out.f_public_key.f_ind_cpa_public_key + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_public_key_hash + = + Core.Slice.impl__copy_from_slice #u8 + out.f_public_key.f_public_key_hash + ind_cpa_public_key_hash + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + build_unpacked_keys v_K + v_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + out + implicit_rejection_value + in + out + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -417,13 +731,14 @@ let decapsulate let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (randomness: t_Array u8 (sz 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) = @@ -449,6 +764,7 @@ let generate_keypair v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher + #v_Scheme ind_cpa_keypair_randomness out.f_private_key.f_ind_cpa_private_key out.f_public_key.f_ind_cpa_public_key @@ -476,151 +792,13 @@ let generate_keypair t_MlKemKeyPairUnpacked v_K v_Vector in let _:Prims.unit = () in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K - (fun v__i -> - let v__i:usize = v__i in - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__j -> - let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - v_K - (fun v_A temp_1_ -> - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K = - v_A - in - let _:usize = temp_1_ in - true) - v_A - (fun v_A i -> - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K = - v_A - in - let i:usize = i in - Rust_primitives.Hax.Folds.fold_range (sz 0) - v_K - (fun v_A temp_1_ -> - let v_A:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - v_A - in - let _:usize = temp_1_ in - true) - v_A - (fun v_A j -> - let v_A:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - v_A - in - let j:usize = j in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - j - (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - #FStar.Tactics.Typeclasses.solve - ((out.f_public_key.f_ind_cpa_public_key - .Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K).[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K) - <: - t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - in let out:t_MlKemKeyPairUnpacked v_K v_Vector = - { - out with - f_public_key - = - { - out.f_public_key with - f_ind_cpa_public_key - = - { out.f_public_key.f_ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector - } - <: - t_MlKemPublicKeyUnpacked v_K v_Vector - } - <: - t_MlKemKeyPairUnpacked v_K v_Vector - in - let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + build_unpacked_keys v_K v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A - <: - t_Slice u8) - in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = - { - out with - f_public_key - = - { - out.f_public_key with - f_public_key_hash - = - Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (pk_serialized <: t_Slice u8) - } - <: - t_MlKemPublicKeyUnpacked v_K v_Vector - } - <: - t_MlKemKeyPairUnpacked v_K v_Vector - in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = - { - out with - f_private_key - = - { - out.f_private_key with - f_implicit_rejection_value - = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - implicit_rejection_value - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) - } - <: - t_MlKemPrivateKeyUnpacked v_K v_Vector - } - <: - t_MlKemKeyPairUnpacked v_K v_Vector + #v_Hasher + out + implicit_rejection_value in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index fbd5de788..44df9a54f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -7,9 +7,11 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -30,7 +32,7 @@ type t_MlKemPublicKeyUnpacked } /// Get the serialized public key. -val impl__serialized_public_key +val impl__serialized (v_K: usize) (#v_Vector: Type0) (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -41,7 +43,7 @@ val impl__serialized_public_key (fun _ -> Prims.l_True) /// Get the serialized public key. -val impl__serialized_public_key_mut +val impl__serialized_mut (v_K: usize) (#v_Vector: Type0) (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -125,13 +127,30 @@ val impl_2__public_key (self: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) +/// Get the serialized private key. +val impl_2__serialized_private_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: + usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + /// Get the serialized private key. val impl_2__serialized_private_key (v_K: usize) (#v_Vector: Type0) + (v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: + usize) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self: t_MlKemKeyPairUnpacked v_K v_Vector) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_K) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) /// Get the serialized public key. val impl_2__serialized_public_key @@ -202,6 +221,28 @@ val impl_2__new: Prims.unit -> Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) +val build_unpacked_keys + (v_K v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (out: t_MlKemKeyPairUnpacked v_K v_Vector) + (implicit_rejection_value: t_Slice u8) + : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Take a serialized private key and generate an unpacked key pair from it. +/// Note that we can't restore the seed for A. But it's not needed. +/// However, the unpacked public key in a key generated like this +/// is not fully usable. +val impl_2__from_private_key + (v_K: usize) + (#v_Vector: Type0) + (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -216,9 +257,10 @@ val decapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (randomness: t_Array u8 (sz 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index b8a238385..ed81731cd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -12,18 +12,18 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let serialize_kem_secret_key +let serialize_kem_secret_key_mut (v_K v_SERIALIZED_KEY_LEN: usize) (#v_Hasher: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key public_key implicit_rejection_value: t_Slice u8) + (serialized: t_Array u8 v_SERIALIZED_KEY_LEN) = - let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in let pointer:usize = sz 0 in - let out:t_Array u8 v_SERIALIZED_KEY_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + let serialized:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize @@ -31,7 +31,7 @@ let serialize_kem_secret_key <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (out.[ { + (serialized.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = @@ -46,8 +46,8 @@ let serialize_kem_secret_key t_Slice u8) in let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in - let out:t_Array u8 v_SERIALIZED_KEY_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + let serialized:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize @@ -55,7 +55,7 @@ let serialize_kem_secret_key <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (out.[ { + (serialized.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = @@ -70,8 +70,8 @@ let serialize_kem_secret_key t_Slice u8) in let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in - let out:t_Array u8 v_SERIALIZED_KEY_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + let serialized:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize @@ -79,7 +79,7 @@ let serialize_kem_secret_key <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (out.[ { + (serialized.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize } @@ -97,8 +97,8 @@ let serialize_kem_secret_key t_Slice u8) in let pointer:usize = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in - let out:t_Array u8 v_SERIALIZED_KEY_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + let serialized:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end @@ -108,7 +108,7 @@ let serialize_kem_secret_key <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (out.[ { + (serialized.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = @@ -122,6 +122,26 @@ let serialize_kem_secret_key <: t_Slice u8) in + serialized + +let serialize_kem_secret_key + (v_K v_SERIALIZED_KEY_LEN: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (private_key public_key implicit_rejection_value: t_Slice u8) + = + let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = + serialize_kem_secret_key_mut v_K + v_SERIALIZED_KEY_LEN + #v_Hasher + private_key + public_key + implicit_rejection_value + out + in out let validate_public_key @@ -156,6 +176,25 @@ let validate_public_key in public_key =. public_key_serialized +let unpack_private_key + (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + = + let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + v_CPA_SECRET_KEY_SIZE + in + let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE + in + let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE + in + ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value + <: + (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + let validate_private_key (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (#v_Hasher: Type0) @@ -202,16 +241,12 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) - v_CPA_SECRET_KEY_SIZE - in - let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE - in - let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE + let ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice + u8 & + t_Slice u8 & + t_Slice u8 & + t_Slice u8) = + unpack_private_key v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE private_key in let decrypted:t_Array u8 (sz 32) = Libcrux_ml_kem.Ind_cpa.decrypt v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 5d53cee40..90bd98cf4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -20,6 +20,15 @@ let v_KEY_GENERATION_SEED_SIZE: usize = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +/// Serialize the secret key. +val serialize_kem_secret_key_mut + (v_K v_SERIALIZED_KEY_LEN: usize) + (#v_Hasher: Type0) + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (private_key public_key implicit_rejection_value: t_Slice u8) + (serialized: t_Array u8 v_SERIALIZED_KEY_LEN) + : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) + /// Serialize the secret key. val serialize_kem_secret_key (v_K v_SERIALIZED_KEY_LEN: usize) @@ -39,6 +48,13 @@ val validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +val unpack_private_key + (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + /// Validate an ML-KEM private key. /// This implements the Hash check in 7.3 3. /// Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index e905c5190..0884e48e4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -504,6 +504,84 @@ let serialize_public_key in public_key_serialized +let build_unpacked_public_key_mut + (v_K v_T_AS_NTT_ENCODED_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_Slice u8) + (unpacked_public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + = + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE + v_K + #v_Vector + (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let seed:t_Slice u8 = + public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + false + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + unpacked_public_key + +let build_unpacked_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_Slice u8) + = + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + build_unpacked_public_key_mut v_K + v_T_AS_NTT_ENCODED_SIZE + #v_Vector + #v_Hasher + public_key + unpacked_public_key + in + unpacked_public_key + let decrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) @@ -684,47 +762,7 @@ let encrypt (randomness: t_Slice u8) = let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - #FStar.Tactics.Typeclasses.solve - () - in - let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - { - unpacked_public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE - v_K - #v_Vector - (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeTo usize ] - <: - t_Slice u8) - unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector - in - let seed:t_Slice u8 = - public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - { - unpacked_public_key with - Libcrux_ml_kem.Ind_cpa.Unpacked.f_A - = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K - #v_Vector - #v_Hasher - unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) - false - } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + build_unpacked_public_key v_K v_T_AS_NTT_ENCODED_SIZE #v_Vector #v_Hasher public_key in encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 @@ -732,19 +770,20 @@ let encrypt let generate_keypair_unpacked (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (key_generation_seed: t_Slice u8) (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Variant.f_cpa_keygen_seed #Libcrux_ml_kem.Variant.t_MlKem + Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme #FStar.Tactics.Typeclasses.solve v_K #v_Hasher @@ -834,6 +873,33 @@ let generate_keypair_unpacked (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) +let serialize_unpacked_secret_key + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + = + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = + serialize_secret_key v_K + v_PRIVATE_KEY_SIZE + #v_Vector + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + in + secret_key_serialized, public_key_serialized + <: + (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) @@ -865,6 +931,7 @@ let generate_keypair v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher + #v_Scheme key_generation_seed private_key public_key @@ -872,20 +939,10 @@ let generate_keypair let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = tmp0 in let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = tmp1 in let _:Prims.unit = () in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - serialize_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #v_Vector - public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) - in - let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_secret_key v_K - v_PRIVATE_KEY_SIZE - #v_Vector - private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt - in - secret_key_serialized, public_key_serialized - <: - (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + serialize_unpacked_secret_key v_K + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + #v_Vector + public_key + private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 90653fb7b..6754a210b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -106,6 +106,27 @@ val serialize_public_key (seed_for_a: t_Slice u8) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) +val build_unpacked_public_key_mut + (v_K v_T_AS_NTT_ENCODED_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_Slice u8) + (unpacked_public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val build_unpacked_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_Slice u8) + : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. /// Algorithm 14 is reproduced below: @@ -234,9 +255,10 @@ val encrypt /// . val generate_keypair_unpacked (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (key_generation_seed: t_Slice u8) (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) @@ -246,6 +268,17 @@ val generate_keypair_unpacked Prims.l_True (fun _ -> Prims.l_True) +/// Serialize the secret key from the unpacked key pair generation. +val serialize_unpacked_secret_key + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + val generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst index ca698a11d..9767ba34a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -33,7 +34,7 @@ let serialized_public_key (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 4) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector (sz 1536) (sz 1568) @@ -75,7 +76,7 @@ let decapsulate (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) @@ -101,8 +102,99 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () + +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 4) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 3168) + (sz 1536) + (sz 1568) + (sz 1536) + (sz 1536) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 4) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + key_pair + serialized + in + serialized + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 4) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1536) + (sz 1568) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1536) + (sz 1568) + key_pair + serialized + in + serialized diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index 98114aa20..fdf63677a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -70,7 +71,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) @@ -79,8 +80,63 @@ val generate_key_pair (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 1024 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst index 3b74c3b27..a8270fc67 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -33,7 +34,7 @@ let serialized_public_key (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 4) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector (sz 1536) (sz 1568) @@ -75,7 +76,7 @@ let decapsulate (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) @@ -101,8 +102,99 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () + +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 4) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 3168) + (sz 1536) + (sz 1568) + (sz 1536) + (sz 1536) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 4) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + key_pair + serialized + in + serialized + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 4) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1536) + (sz 1568) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1536) + (sz 1568) + key_pair + serialized + in + serialized diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index 46f643f14..6d9765a57 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -74,7 +75,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) @@ -85,6 +86,14 @@ val generate_key_pair Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 1024 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure @@ -92,3 +101,54 @@ val init_key_pair: Prims.unit Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst index b77d33651..28eaccddf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -33,7 +34,7 @@ let serialized_public_key (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 4) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (sz 1536) (sz 1568) @@ -75,7 +76,7 @@ let decapsulate (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) @@ -101,8 +102,99 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () + +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 4) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 3168) + (sz 1536) + (sz 1568) + (sz 1536) + (sz 1536) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 4) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + key_pair + serialized + in + serialized + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 4) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1536) + (sz 1568) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1536) + (sz 1568) + key_pair + serialized + in + serialized diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index fdc651118..ff42b6211 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -74,7 +75,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) @@ -85,6 +86,14 @@ val generate_key_pair Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 1024 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure @@ -92,3 +101,54 @@ val init_key_pair: Prims.unit Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst index 6fc3cda34..08fa82d1f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -33,7 +34,7 @@ let serialized_public_key = let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = (), - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 2) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector (sz 768) (sz 800) @@ -77,7 +78,7 @@ let decapsulate (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) @@ -97,8 +98,99 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () + +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 2) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1632) + (sz 768) + (sz 800) + (sz 768) + (sz 768) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 2) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + key_pair + serialized + in + serialized + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 2) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 768) + (sz 800) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 768) + (sz 800) + key_pair + serialized + in + serialized diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index cd0cb965f..c8587b1e5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -68,7 +69,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) @@ -77,8 +78,63 @@ val generate_key_pair (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 512 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst index 273041027..0508184a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -33,7 +34,7 @@ let serialized_public_key = let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = (), - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 2) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector (sz 768) (sz 800) @@ -77,7 +78,7 @@ let decapsulate (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) @@ -97,8 +98,99 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () + +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 2) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1632) + (sz 768) + (sz 800) + (sz 768) + (sz 768) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 2) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + key_pair + serialized + in + serialized + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 2) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 768) + (sz 800) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 768) + (sz 800) + key_pair + serialized + in + serialized diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index 40ecdcc8d..4da6524e0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -72,7 +73,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) @@ -83,6 +84,14 @@ val generate_key_pair Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 512 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure @@ -90,3 +99,54 @@ val init_key_pair: Prims.unit Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst index 54eb129c9..4af2855df 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -34,7 +35,7 @@ let serialized_public_key = let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = (), - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 2) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (sz 768) (sz 800) @@ -78,7 +79,7 @@ let decapsulate (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) @@ -98,8 +99,99 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () + +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 2) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1632) + (sz 768) + (sz 800) + (sz 768) + (sz 768) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 2) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + key_pair + serialized + in + serialized + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 2) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 768) + (sz 800) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 768) + (sz 800) + key_pair + serialized + in + serialized diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 2aee55d13..49e4d2959 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -72,7 +73,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) @@ -83,6 +84,14 @@ val generate_key_pair Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 512 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure @@ -90,3 +99,54 @@ val init_key_pair: Prims.unit Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst index 1a75cf7bf..a16a1af5b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -33,7 +34,7 @@ let serialized_public_key (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 3) #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector (sz 1152) (sz 1184) @@ -75,7 +76,7 @@ let decapsulate (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) @@ -95,16 +96,91 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) #FStar.Tactics.Typeclasses.solve () +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 2400) + (sz 1152) + (sz 1184) + (sz 1152) + (sz 1152) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + key_pair + serialized + in + serialized + let key_pair_serialized_public_key (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1152) + (sz 1184) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 4d8df4bc3..889a68df9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -68,7 +69,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) @@ -77,17 +78,62 @@ val generate_key_pair (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst index 1b1c3736e..7766dd0ae 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -34,7 +35,7 @@ let serialized_public_key (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 3) #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector (sz 1152) (sz 1184) @@ -76,7 +77,7 @@ let decapsulate (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) @@ -96,16 +97,91 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) #FStar.Tactics.Typeclasses.solve () +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 2400) + (sz 1152) + (sz 1184) + (sz 1152) + (sz 1152) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + key_pair + serialized + in + serialized + let key_pair_serialized_public_key (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1152) + (sz 1184) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 3c76dc76c..1742e3afe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -73,7 +74,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) @@ -84,6 +85,14 @@ val generate_key_pair Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure @@ -92,11 +101,52 @@ val init_key_pair: Prims.unit Prims.l_True (fun _ -> Prims.l_True) +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst index 39960a363..02219386f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate @@ -34,7 +35,7 @@ let serialized_public_key (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_mut (sz 3) #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (sz 1152) (sz 1184) @@ -76,7 +77,7 @@ let decapsulate (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext -let generate_key_pair +let generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) @@ -96,16 +97,91 @@ let generate_key_pair in key_pair +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + in + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + generate_key_pair_mut randomness key_pair + in + key_pair + let init_key_pair (_: Prims.unit) = Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) #FStar.Tactics.Typeclasses.solve () +let key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 2400) + (sz 1152) + (sz 1184) + (sz 1152) + (sz 1152) + private_key + in + key_pair + +let key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + key_pair + +let key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_private_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + key_pair + serialized + in + serialized + let key_pair_serialized_public_key (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1152) + (sz 1184) + key_pair + +let key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index 30956fcb9..dfb7ace57 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let _ = @@ -73,7 +74,7 @@ val decapsulate : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair +val generate_key_pair_mut (randomness: t_Array u8 (sz 64)) (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) @@ -84,6 +85,14 @@ val generate_key_pair Prims.l_True (fun _ -> Prims.l_True) +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Create a new, empty unpacked key. val init_key_pair: Prims.unit -> Prims.Pure @@ -92,11 +101,52 @@ val init_key_pair: Prims.unit Prims.l_True (fun _ -> Prims.l_True) +/// Get an unpacked key from a private key. +/// Note that this is missing the seed of A, which is unrecoverable. +val key_pair_from_private_mut + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val key_pair_serialized_private_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Get the serialized public key. val key_pair_serialized_public_key (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key_mut + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index a7fa366a9..01639f725 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let deserialize_1_ (bytes: t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index e8d5ee34b..653eb0818 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1_ (bytes: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index aa783010c..f2b1f9206 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let deserialize_1_ (a: t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti index 309df9740..b9219f5ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1_ (a: t_Slice u8) From 2c499138797cf5252a22f3b7244fc663393f2083 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 11 Oct 2024 06:52:16 +0000 Subject: [PATCH 07/17] more tests and fixup --- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/src/ind_cca.rs | 32 ++++++-------------------------- libcrux-ml-kem/tests/self.rs | 22 ++++++++++++++++++++++ 3 files changed, 29 insertions(+), 27 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index aa7ba1844..c3d844266 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d +Libcrux: 4ed279ad21152e4666d0e51fdd9c751e1472e348 diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 0fefc40a3..047ed996d 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -295,6 +295,7 @@ pub(crate) fn decapsulate< ) } +/// Unpack an incoming private key into it's different parts. fn unpack_private_key< const SECRET_KEY_SIZE: usize, const CPA_SECRET_KEY_SIZE: usize, @@ -331,7 +332,6 @@ pub(crate) mod unpacked { }; /// An unpacked ML-KEM IND-CCA Private Key - #[derive(Clone)] pub struct MlKemPrivateKeyUnpacked { pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, pub(crate) implicit_rejection_value: [u8; 32], @@ -435,7 +435,7 @@ pub(crate) mod unpacked { /// /// Note that we can't restore the seed for A. But it's not needed. /// However, the unpacked public key in a key generated like this - /// is not fully usable. + /// is not fully usable (serializable). #[inline(always)] pub fn from_private_key< const SECRET_KEY_SIZE: usize, @@ -466,14 +466,10 @@ pub(crate) mod unpacked { out.public_key .public_key_hash .copy_from_slice(ind_cpa_public_key_hash); + out.private_key + .implicit_rejection_value + .copy_from_slice(implicit_rejection_value); - build_unpacked_keys::< - K, - BYTES_PER_RING_ELEMENT, - PUBLIC_KEY_SIZE, - Vector, - PortableHash, - >(&mut out, implicit_rejection_value); out } @@ -598,22 +594,6 @@ pub(crate) mod unpacked { &mut out.public_key.ind_cpa_public_key, ); - build_unpacked_keys::( - out, - implicit_rejection_value, - ); - } - - fn build_unpacked_keys< - const K: usize, - const BYTES_PER_RING_ELEMENT: usize, - const PUBLIC_KEY_SIZE: usize, - Vector: Operations, - Hasher: Hash, - >( - out: &mut MlKemKeyPairUnpacked, - implicit_rejection_value: &[u8], - ) { // We need to un-transpose the A_transpose matrix provided by IND-CPA // We would like to write the following but it is not supported by Eurydice yet. // https://github.com/AeneasVerif/eurydice/issues/39 @@ -630,6 +610,7 @@ pub(crate) mod unpacked { } } out.public_key.ind_cpa_public_key.A = A; + out.private_key.implicit_rejection_value = implicit_rejection_value.try_into().unwrap(); let pk_serialized = serialize_public_key::( @@ -637,7 +618,6 @@ pub(crate) mod unpacked { &out.public_key.ind_cpa_public_key.seed_for_A, ); out.public_key.public_key_hash = Hasher::H(&pk_serialized); - out.private_key.implicit_rejection_value = implicit_rejection_value.try_into().unwrap(); } // Encapsulate with Unpacked Public Key diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index b012a5c3e..4496b65c7 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -92,6 +92,20 @@ macro_rules! impl_consistency_unpacked { ciphertext_unpacked.as_slice(), "lhs: ciphertext, rhs: ciphertext_unpacked" ); + + // Check with re-assembled new_kp + let (ciphertext_unpacked, shared_secret_unpacked) = + p::unpacked::encapsulate(&new_kp.public_key, randomness); + assert_eq!( + shared_secret, shared_secret_unpacked, + "lhs: shared_secret, rhs: shared_secret_unpacked" + ); + assert_eq!( + ciphertext.as_slice(), + ciphertext_unpacked.as_slice(), + "lhs: ciphertext, rhs: ciphertext_unpacked" + ); + let shared_secret_decapsulated = p::unpacked::decapsulate(&key_pair_unpacked, &ciphertext); let shared_secret = p::decapsulate(key_pair.private_key(), &ciphertext); @@ -103,6 +117,14 @@ macro_rules! impl_consistency_unpacked { shared_secret, shared_secret_decapsulated, "lhs: shared_secret, rhs: shared_secret_decapsulated" ); + + // Check with re-assembled new_kp + let shared_secret_decapsulated = p::unpacked::decapsulate(&new_kp, &ciphertext); + assert_eq!( + shared_secret_unpacked, shared_secret_decapsulated, + "lhs: shared_secret_unpacked, rhs: shared_secret_decapsulated" + ); + // If the randomness was not enough for the rejection sampling step // in key-generation and encapsulation, simply return without // failing. From 188d1988f5f9801faa2dc979e473507601ba54dc Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 11 Oct 2024 08:43:47 +0000 Subject: [PATCH 08/17] re-extract mlkem F* --- ...m.Ind_cca.Instantiations.Avx2.Unpacked.fst | 22 + ....Ind_cca.Instantiations.Avx2.Unpacked.fsti | 12 + ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 9 + ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 10 +- ...m.Ind_cca.Instantiations.Neon.Unpacked.fst | 22 + ....Ind_cca.Instantiations.Neon.Unpacked.fsti | 14 + ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 9 + ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 10 +- ...d_cca.Instantiations.Portable.Unpacked.fst | 22 + ..._cca.Instantiations.Portable.Unpacked.fsti | 14 + ...ml_kem.Ind_cca.Instantiations.Portable.fst | 9 + ...l_kem.Ind_cca.Instantiations.Portable.fsti | 10 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 429 ++++++++++-------- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 42 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 38 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 12 +- ...Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 4 +- ...ibcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 3 + .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 5 + ...Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 4 +- ...ibcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 3 + .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 5 + ...rux_ml_kem.Mlkem1024.Portable.Unpacked.fst | 4 +- ...ux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 5 + .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 5 + .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst | 4 +- ...Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 3 + .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 5 + .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst | 4 +- ...Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem512.Neon.fst | 3 + .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 5 + ...crux_ml_kem.Mlkem512.Portable.Unpacked.fst | 4 +- ...rux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem512.Portable.fst | 5 + .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 5 + .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst | 4 +- ...Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 3 + .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 5 + .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst | 4 +- ...Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem768.Neon.fst | 3 + .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 5 + ...crux_ml_kem.Mlkem768.Portable.Unpacked.fst | 4 +- ...rux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 1 - .../Libcrux_ml_kem.Mlkem768.Portable.fst | 5 + .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 5 + .../fstar/extraction/Libcrux_ml_kem.Types.fst | 14 + .../extraction/Libcrux_ml_kem.Types.fsti | 8 + 54 files changed, 551 insertions(+), 278 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst index 4fd8a27ab..cdab4f44a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst @@ -90,3 +90,25 @@ let generate_keypair Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) in out + +let keypair_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.keys_from_private_key v_K + v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_T_AS_NTT_ENCODED_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + private_key + key_pair + in + key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti index c1e1b08b5..79c0e4424 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti @@ -57,3 +57,15 @@ val generate_keypair : Prims.Pure (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Take a serialized private key and generate an unpacked key pair from it. +val keypair_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index a930ffd1e..eddadbe1a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -13,6 +13,15 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +let validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key_only v_K + v_SECRET_KEY_SIZE + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + private_key + let validate_private_key (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index f920bad04..ac6c19208 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -13,14 +13,20 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -/// Portable private key validation +/// Private key validation +val validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Private key validation val validate_private_key (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Portable public key validation +/// Public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst index c36f6c826..fa6cb8845 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst @@ -91,3 +91,25 @@ let generate_keypair Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) in out + +let keypair_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Unpacked.keys_from_private_key v_K + v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_T_AS_NTT_ENCODED_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + private_key + key_pair + in + key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti index d7d649754..58251c88d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti @@ -61,3 +61,17 @@ val generate_keypair Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Take a serialized private key and generate an unpacked key pair from it. +val keypair_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 8f4eac1ed..b311a7d73 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -13,6 +13,15 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +let validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key_only v_K + v_SECRET_KEY_SIZE + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash + private_key + let validate_private_key (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index c5d48378e..2baa54697 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -13,14 +13,20 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -/// Portable private key validation +/// Private key validation +val validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Private key validation val validate_private_key (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Portable public key validation +/// Public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst index 1c5b7b591..b8ed5ec86 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst @@ -91,3 +91,25 @@ let generate_keypair Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in out + +let keypair_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Unpacked.keys_from_private_key v_K + v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_T_AS_NTT_ENCODED_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + private_key + key_pair + in + key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti index d32814c23..763644fa1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti @@ -61,3 +61,17 @@ val generate_keypair Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) Prims.l_True (fun _ -> Prims.l_True) + +/// Take a serialized private key and generate an unpacked key pair from it. +val keypair_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 317195665..2ae564746 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -13,6 +13,15 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +let validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key_only v_K + v_SECRET_KEY_SIZE + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + private_key + let validate_private_key (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index c01c64169..a4d5407a5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -13,14 +13,20 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -/// Portable private key validation +/// Private key validation +val validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Private key validation val validate_private_key (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Portable public key validation +/// Public key validation val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 26bb724d7..20ac54a4f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -362,8 +362,9 @@ let impl_2__new = Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) #FStar.Tactics.Typeclasses.solve () -let build_unpacked_keys - (v_K v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) (#v_Vector #v_Hasher: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -371,9 +372,164 @@ let build_unpacked_keys (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + let decrypted:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K + v_CIPHERTEXT_SIZE + v_C1_SIZE + v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR + #v_Vector + key_pair.f_private_key.f_ind_cpa_private_key + ciphertext.Libcrux_ml_kem.Types.f_value + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + in + let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + <: + t_Slice u8) + in + let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (sz 32) + (to_hash <: t_Slice u8) + in + let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + key_pair.f_public_key.f_ind_cpa_public_key decrypted pseudorandomness + in + let selector:u8 = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext + v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + in + Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret + (implicit_rejection_shared_secret <: t_Slice u8) + selector + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) + (randomness: t_Array u8 (sz 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) - (implicit_rejection_value: t_Slice u8) = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + #v_Scheme + ind_cpa_keypair_randomness + out.f_private_key.f_ind_cpa_private_key + out.f_public_key.f_ind_cpa_public_key + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { out.f_private_key with f_ind_cpa_private_key = tmp0 } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { out.f_public_key with f_ind_cpa_public_key = tmp1 } <: t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let _:Prims.unit = () in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K @@ -523,42 +679,36 @@ let build_unpacked_keys in out -let impl_2__from_private_key - (v_K: usize) - (#v_Vector: Type0) - (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: +let keys_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: usize) + (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) = - let out:t_MlKemKeyPairUnpacked v_K v_Vector = - Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) - #FStar.Tactics.Typeclasses.solve - () - in let ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) = - Libcrux_ml_kem.Ind_cca.unpack_private_key v_SECRET_KEY_SIZE - v_CPA_SECRET_KEY_SIZE + Libcrux_ml_kem.Types.unpack_private_key v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - private_key + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = + let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector = { - out with + key_pair with f_private_key = { - out.f_private_key with + key_pair.f_private_key with f_ind_cpa_private_key = { - out.f_private_key.f_ind_cpa_private_key with + key_pair.f_private_key.f_ind_cpa_private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = Libcrux_ml_kem.Ind_cpa.deserialize_secret_key v_K #v_Vector ind_cpa_secret_key @@ -572,13 +722,13 @@ let impl_2__from_private_key <: t_MlKemKeyPairUnpacked v_K v_Vector in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = + let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector = { - out with + key_pair with f_public_key = { - out.f_public_key with + key_pair.f_public_key with f_ind_cpa_public_key = Libcrux_ml_kem.Ind_cpa.build_unpacked_public_key_mut v_K @@ -586,7 +736,7 @@ let impl_2__from_private_key #v_Vector #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) ind_cpa_public_key - out.f_public_key.f_ind_cpa_public_key + key_pair.f_public_key.f_ind_cpa_public_key } <: t_MlKemPublicKeyUnpacked v_K v_Vector @@ -594,17 +744,17 @@ let impl_2__from_private_key <: t_MlKemKeyPairUnpacked v_K v_Vector in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = + let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector = { - out with + key_pair with f_public_key = { - out.f_public_key with + key_pair.f_public_key with f_public_key_hash = Core.Slice.impl__copy_from_slice #u8 - out.f_public_key.f_public_key_hash + key_pair.f_public_key.f_public_key_hash ind_cpa_public_key_hash } <: @@ -613,192 +763,81 @@ let impl_2__from_private_key <: t_MlKemKeyPairUnpacked v_K v_Vector in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = - build_unpacked_keys v_K - v_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #v_Vector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) - out - implicit_rejection_value - in - out - -let decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - let decrypted:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K - v_CIPHERTEXT_SIZE - v_C1_SIZE - v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR - #v_Vector - key_pair.f_private_key.f_ind_cpa_private_key - ciphertext.Libcrux_ml_kem.Types.f_value - in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) - in - let to_hash:t_Array u8 (sz 64) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) - <: - t_Slice u8) - in - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (to_hash <: t_Slice u8) - in - let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (hashed <: t_Slice u8) - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - in - let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) - in - let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - <: - t_Slice u8) - in - let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (sz 32) - (to_hash <: t_Slice u8) - in - let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - key_pair.f_public_key.f_ind_cpa_public_key decrypted pseudorandomness - in - let selector:u8 = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext - v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (expected_ciphertext <: t_Slice u8) - in - Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret - (implicit_rejection_shared_secret <: t_Slice u8) - selector - -let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (randomness: t_Array u8 (sz 64)) - (out: t_MlKemKeyPairUnpacked v_K v_Vector) - = - let ind_cpa_keypair_randomness:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize ] - in - let implicit_rejection_value:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = - Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - #v_Scheme - ind_cpa_keypair_randomness - out.f_private_key.f_ind_cpa_private_key - out.f_public_key.f_ind_cpa_public_key - in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = + let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector = { - out with + key_pair with f_private_key = - { out.f_private_key with f_ind_cpa_private_key = tmp0 } + { + key_pair.f_private_key with + f_implicit_rejection_value + = + Core.Slice.impl__copy_from_slice #u8 + key_pair.f_private_key.f_implicit_rejection_value + implicit_rejection_value + } <: t_MlKemPrivateKeyUnpacked v_K v_Vector } <: t_MlKemKeyPairUnpacked v_K v_Vector in - let out:t_MlKemKeyPairUnpacked v_K v_Vector = + let key_pair:t_MlKemKeyPairUnpacked v_K v_Vector = { - out with + key_pair with f_public_key = - { out.f_public_key with f_ind_cpa_public_key = tmp1 } <: t_MlKemPublicKeyUnpacked v_K v_Vector + { + key_pair.f_public_key with + f_ind_cpa_public_key + = + { + key_pair.f_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + = + Core.Slice.impl__copy_from_slice #u8 + key_pair.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + (ind_cpa_public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector } <: t_MlKemKeyPairUnpacked v_K v_Vector in - let _:Prims.unit = () in + key_pair + +let impl_2__from_private_key + (v_K: usize) + (#v_Vector: Type0) + (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + = let out:t_MlKemKeyPairUnpacked v_K v_Vector = - build_unpacked_keys v_K - v_BYTES_PER_RING_ELEMENT + Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + keys_from_private_key v_K + v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_T_AS_NTT_ENCODED_SIZE #v_Vector - #v_Hasher + private_key out - implicit_rejection_value in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 44df9a54f..a42619356 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -221,28 +221,6 @@ val impl_2__new: Prims.unit -> Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val build_unpacked_keys - (v_K v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (out: t_MlKemKeyPairUnpacked v_K v_Vector) - (implicit_rejection_value: t_Slice u8) - : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Take a serialized private key and generate an unpacked key pair from it. -/// Note that we can't restore the seed for A. But it's not needed. -/// However, the unpacked public key in a key generated like this -/// is not fully usable. -val impl_2__from_private_key - (v_K: usize) - (#v_Vector: Type0) - (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: - usize) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) - val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -264,3 +242,23 @@ val generate_keypair (randomness: t_Array u8 (sz 64)) (out: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Take a serialized private key and generate an unpacked key pair from it. +val keys_from_private_key + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Take a serialized private key and generate an unpacked key pair from it. +val impl_2__from_private_key + (v_K: usize) + (#v_Vector: Type0) + (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_T_AS_NTT_ENCODED_SIZE: + usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index ed81731cd..e71864a5e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -176,33 +176,13 @@ let validate_public_key in public_key =. public_key_serialized -let unpack_private_key - (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - = - let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) - v_CPA_SECRET_KEY_SIZE - in - let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE - in - let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - in - ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value - <: - (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) - -let validate_private_key - (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) +let validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) (#v_Hasher: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = let t:t_Array u8 (sz 32) = Libcrux_ml_kem.Hash_functions.f_H #v_Hasher @@ -227,6 +207,16 @@ let validate_private_key in t =. expected +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = validate_private_key_only v_K v_SECRET_KEY_SIZE #v_Hasher private_key + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -246,7 +236,9 @@ let decapsulate t_Slice u8 & t_Slice u8 & t_Slice u8) = - unpack_private_key v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE private_key + Libcrux_ml_kem.Types.unpack_private_key v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) in let decrypted:t_Array u8 (sz 32) = Libcrux_ml_kem.Ind_cpa.decrypt v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 90bd98cf4..4f561be5f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -48,12 +48,14 @@ val validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -val unpack_private_key - (v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) +/// Validate an ML-KEM private key. +/// This implements the Hash check in 7.3 3. +val validate_private_key_only + (v_K v_SECRET_KEY_SIZE: usize) + (#v_Hasher: Type0) + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate an ML-KEM private key. /// This implements the Hash check in 7.3 3. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst index 9767ba34a..090b83138 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst @@ -130,14 +130,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 4) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1536) (sz 1536) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index fdf63677a..538403ec3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -93,7 +93,6 @@ val init_key_pair: Prims.unit Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index a7e01533b..c32c46655 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -13,6 +13,9 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 4) (sz 3168) private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 24fb25cc9..3639ad2ec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst index a8270fc67..73bd9b119 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst @@ -130,14 +130,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 4) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1536) (sz 1536) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index 6d9765a57..cee2df61c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -103,7 +103,6 @@ val init_key_pair: Prims.unit (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index e89c0a92f..998288fcd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -13,6 +13,9 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 4) (sz 3168) private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 32080b0df..764b28578 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst index 28eaccddf..c06cea855 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst @@ -130,14 +130,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 4) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1536) (sz 1536) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index ff42b6211..52a00e90c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti @@ -103,7 +103,6 @@ val init_key_pair: Prims.unit (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 326b30645..d4a4eb1fd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -13,6 +13,11 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 4) + (sz 3168) + private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 4ba09a9a9..f9be395f7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst index 08fa82d1f..b24007b1f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst @@ -126,14 +126,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 2) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index c8587b1e5..8c31b6290 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti @@ -91,7 +91,6 @@ val init_key_pair: Prims.unit Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index f58c71977..8f5da9d9d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -13,6 +13,9 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 2) (sz 1632) private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 5b846dc53..7ce084a04 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst index 0508184a9..c76973e5a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst @@ -126,14 +126,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 2) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index 4da6524e0..54b8c9688 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -101,7 +101,6 @@ val init_key_pair: Prims.unit (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 5e88a7193..b24f8684b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -13,6 +13,9 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 2) (sz 1632) private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index f737bc363..5d658a252 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst index 4af2855df..7baf894ce 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst @@ -127,14 +127,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 2) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 49e4d2959..4b0381150 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -101,7 +101,6 @@ val init_key_pair: Prims.unit (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 47ebe2fe6..2f0624828 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -13,6 +13,11 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 2) + (sz 1632) + private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 277ef3588..2aa0eb089 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst index a16a1af5b..ab0f1a6ad 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst @@ -124,14 +124,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 3) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.keypair_from_private_key (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1152) (sz 1152) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 889a68df9..b7cb0c69f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti @@ -91,7 +91,6 @@ val init_key_pair: Prims.unit Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index a57fd2b32..33f27771c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -13,6 +13,9 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key_only (sz 3) (sz 2400) private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index 316f123b3..be82eee5f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst index 7766dd0ae..9112b91d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst @@ -125,14 +125,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 3) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.keypair_from_private_key (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1152) (sz 1152) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 1742e3afe..dd9292994 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -102,7 +102,6 @@ val init_key_pair: Prims.unit (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index b8e43d354..e24ec2be2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -13,6 +13,9 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key_only (sz 3) (sz 2400) private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 6b527d102..2e9433346 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst index 02219386f..b78dc56bb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst @@ -125,14 +125,14 @@ let key_pair_from_private_mut = let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__from_private_key (sz 3) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.keypair_from_private_key (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1152) (sz 1152) private_key + key_pair in key_pair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index dfb7ace57..ebaada192 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -102,7 +102,6 @@ val init_key_pair: Prims.unit (fun _ -> Prims.l_True) /// Get an unpacked key from a private key. -/// Note that this is missing the seed of A, which is unrecoverable. val key_pair_from_private_mut (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (key_pair: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index 9690ed48f..455e4a6b4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -13,6 +13,11 @@ let validate_private_key private_key ciphertext +let validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key_only (sz 3) + (sz 2400) + private_key + let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index a44262014..5b4868d13 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -10,6 +10,11 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate the private key only. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key_only (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Validate a public key. /// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 9e95712a0..c3f5d2135 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -9,6 +9,20 @@ let impl_14__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE let impl_21__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8) = + let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 private_key v_CPA_SECRET_KEY_SIZE + in + let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE + in + let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE + in + ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value + <: + (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + let impl_7__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value let impl_14__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index d533a764b..8cf66b7dd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -15,6 +15,14 @@ val impl_14__len: v_SIZE: usize -> Prims.unit val impl_21__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// Unpack an incoming private key into it's different parts. +/// +/// We have this here in types to extract into a common core for C. +val unpack_private_key (v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (private_key: t_Slice u8) + : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + ///An ML-KEM Ciphertext type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } From c13257a303454adcdf7294cef61016f17c8f5593 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 11 Oct 2024 08:43:58 +0000 Subject: [PATCH 09/17] regenerate mlkem C --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 127 +- .../c/internal/libcrux_mlkem_avx2.h | 51 +- .../c/internal/libcrux_mlkem_portable.h | 51 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 74 +- libcrux-ml-kem/c/libcrux_core.c | 216 ++- libcrux-ml-kem/c/libcrux_core.h | 70 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 35 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 14 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 35 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 14 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 35 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 14 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 35 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 14 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 35 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 14 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 35 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 14 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1716 +++++++---------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1056 +++++----- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 48 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 12 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 26 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- libcrux-ml-kem/cg/code_gen.txt | 6 +- libcrux-ml-kem/cg/libcrux_core.h | 55 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1582 ++++++--------- .../cg/libcrux_mlkem768_avx2_types.h | 92 - libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 645 ++++--- .../cg/libcrux_mlkem768_portable_types.h | 95 - libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 24 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 100 +- 42 files changed, 2914 insertions(+), 3492 deletions(-) delete mode 100644 libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h delete mode 100644 libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 5ec52d2d0..841294d90 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 -Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c -Karamel: 8c3612018c25889288da6857771be3ad03b75bcd +Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 +Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 +Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index fe88ed869..b2772b11e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __internal_libcrux_core_H @@ -60,18 +60,6 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_40_af( - uint8_t value[1568U]); - /** Create a new [`MlKemKeyPair`] from the secret and public key. */ @@ -101,18 +89,6 @@ with const generics libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_88_39( uint8_t value[3168U]); -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1184 -*/ -libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_40_d0( - uint8_t value[1184U]); - /** Create a new [`MlKemKeyPair`] from the secret and public key. */ @@ -142,18 +118,6 @@ with const generics libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_88_28( uint8_t value[2400U]); -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 800 -*/ -libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_40_4d( - uint8_t value[800U]); - /** Create a new [`MlKemKeyPair`] from the secret and public key. */ @@ -197,6 +161,39 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_ba_d0( libcrux_ml_kem_types_MlKemPublicKey_30 *self); +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#17} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_40 +with const generics +- SIZE= 1184 +*/ +libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_40_d0( + uint8_t value[1184U]); + +typedef struct Eurydice_slice_uint8_t_x4_s { + Eurydice_slice fst; + Eurydice_slice snd; + Eurydice_slice thd; + Eurydice_slice f3; +} Eurydice_slice_uint8_t_x4; + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_slice private_key); + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#3} @@ -246,6 +243,32 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_ba_4d( libcrux_ml_kem_types_MlKemPublicKey_52 *self); +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#17} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_40 +with const generics +- SIZE= 800 +*/ +libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_40_4d( + uint8_t value[800U]); + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_0c( + Eurydice_slice private_key); + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#3} @@ -295,6 +318,32 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_ba_af( libcrux_ml_kem_types_MlKemPublicKey_64 *self); +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#17} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_40 +with const generics +- SIZE= 1568 +*/ +libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_40_af( + uint8_t value[1568U]); + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_1f( + Eurydice_slice private_key); + /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index f5ebb2704..ea24301b4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -50,6 +50,21 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key); + /** Validate an ML-KEM private key. @@ -159,6 +174,21 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key); + /** Validate an ML-KEM private key. @@ -268,6 +298,21 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key); + /** Validate an ML-KEM private key. diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 4619403c0..d77498ba8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -55,6 +55,21 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_only_60( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key); + /** Validate an ML-KEM private key. @@ -164,6 +179,21 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_only_30( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key); + /** Validate an ML-KEM private key. @@ -273,6 +303,21 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key); + /** Validate an ML-KEM private key. diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index a2ad7982b..bfd1569b4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index b40b062fa..56417df4c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __internal_libcrux_sha3_internal_H @@ -273,13 +273,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6( size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { - if ( - /* There's something buffered internally to consume. */ self->buf_len + - input_len >= - (size_t)136U) { - consumed = (size_t)136U - /* We have enough data when combining the - internal buffer and the input. */ - self->buf_len; + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -385,9 +380,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6( memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs); - if ( - /* ... buffer the rest if there's not enough input (left). */ - input_remainder_len > (size_t)0U) { + if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; @@ -734,13 +727,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60( size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { - if ( - /* There's something buffered internally to consume. */ self->buf_len + - input_len >= - (size_t)168U) { - consumed = (size_t)168U - /* We have enough data when combining the - internal buffer and the input. */ - self->buf_len; + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -846,9 +834,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60( memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs); - if ( - /* ... buffer the rest if there's not enough input (left). */ - input_remainder_len > (size_t)0U) { + if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; @@ -1238,13 +1224,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6( size_t blocks = out_len / (size_t)136U; size_t last = out_len - out_len % (size_t)136U; size_t mid; - if ((size_t)136U >= - /* Squeeze out one to start with. XXX: Eurydice does not extract - `core::cmp::min`, so we do this instead. (cf. - https://github.com/AeneasVerif/eurydice/issues/49) */ - out_len - - ) { + if ((size_t)136U >= out_len) { mid = out_len; } else { mid = (size_t)136U; @@ -1258,11 +1238,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6( libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00); core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_08){ - .start = (size_t)1U, - .end = /* If we got asked for more than one block, squeeze out - more. */ - blocks}), + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, + .end = blocks}), core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( @@ -1271,11 +1248,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we - always have full - blocks to write out. - */ - out_rest, + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, (size_t)136U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1370,13 +1343,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60( size_t blocks = out_len / (size_t)168U; size_t last = out_len - out_len % (size_t)168U; size_t mid; - if ((size_t)168U >= - /* Squeeze out one to start with. XXX: Eurydice does not extract - `core::cmp::min`, so we do this instead. (cf. - https://github.com/AeneasVerif/eurydice/issues/49) */ - out_len - - ) { + if ((size_t)168U >= out_len) { mid = out_len; } else { mid = (size_t)168U; @@ -1390,11 +1357,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60( libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00); core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_08){ - .start = (size_t)1U, - .end = /* If we got asked for more than one block, squeeze out - more. */ - blocks}), + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, + .end = blocks}), core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( @@ -1403,11 +1367,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we - always have full - blocks to write out. - */ - out_rest, + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, (size_t)168U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index b0387843b..d96a6b701 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "internal/libcrux_core.h" @@ -82,25 +82,6 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_40_af( - uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_64 lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - /** Create a new [`MlKemKeyPair`] from the secret and public key. */ @@ -140,25 +121,6 @@ libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_88_39( return lit; } -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1184 -*/ -libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_40_d0( - uint8_t value[1184U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_30 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - /** Create a new [`MlKemKeyPair`] from the secret and public key. */ @@ -198,25 +160,6 @@ libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_88_28( return lit; } -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 800 -*/ -libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_40_4d( - uint8_t value[800U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_52 lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); - return lit; -} - /** Create a new [`MlKemKeyPair`] from the secret and public key. */ @@ -271,6 +214,57 @@ uint8_t *libcrux_ml_kem_types_as_slice_ba_d0( return self->value; } +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#17} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_40 +with const generics +- SIZE= 1184 +*/ +libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_40_d0( + uint8_t value[1184U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_30 lit; + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_slice private_key) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key, + .snd = ind_cpa_public_key, + .thd = ind_cpa_public_key_hash, + .f3 = implicit_rejection_value}); +} + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#3} @@ -339,6 +333,57 @@ uint8_t *libcrux_ml_kem_types_as_slice_ba_4d( return self->value; } +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#17} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_40 +with const generics +- SIZE= 800 +*/ +libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_40_4d( + uint8_t value[800U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_52 lit; + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_0c( + Eurydice_slice private_key) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + private_key, (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key, + .snd = ind_cpa_public_key, + .thd = ind_cpa_public_key_hash, + .f3 = implicit_rejection_value}); +} + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#3} @@ -407,6 +452,57 @@ uint8_t *libcrux_ml_kem_types_as_slice_ba_af( return self->value; } +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#17} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_40 +with const generics +- SIZE= 1568 +*/ +libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_40_af( + uint8_t value[1568U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_64 lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_1f( + Eurydice_slice private_key) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + private_key, (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key, + .snd = ind_cpa_public_key, + .thd = ind_cpa_public_key_hash, + .f3 = implicit_rejection_value}); +} + /** This function found in impl {core::result::Result[TraitClause@0, TraitClause@1]} diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 558ada43b..792a5e27e 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_core_H @@ -54,15 +54,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1568size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_64_s { - uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemPublicKey_64; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics @@ -72,19 +63,19 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey_83_s { uint8_t value[3168U]; } libcrux_ml_kem_types_MlKemPrivateKey_83; -typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_83 sk; - libcrux_ml_kem_types_MlKemPublicKey_64 pk; -} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics -- $1184size_t +- $1568size_t */ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_30; +typedef struct libcrux_ml_kem_types_MlKemPublicKey_64_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemPublicKey_64; + +typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_83 sk; + libcrux_ml_kem_types_MlKemPublicKey_64 pk; +} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey @@ -95,19 +86,19 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s { uint8_t value[2400U]; } libcrux_ml_kem_types_MlKemPrivateKey_d9; -typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_d9 sk; - libcrux_ml_kem_types_MlKemPublicKey_30 pk; -} libcrux_ml_kem_mlkem768_MlKem768KeyPair; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics -- $800size_t +- $1184size_t */ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_52_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_52; +typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey_30; + +typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk; + libcrux_ml_kem_types_MlKemPublicKey_30 pk; +} libcrux_ml_kem_mlkem768_MlKem768KeyPair; /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey @@ -118,6 +109,15 @@ typedef struct libcrux_ml_kem_types_MlKemPrivateKey_fa_s { uint8_t value[1632U]; } libcrux_ml_kem_types_MlKemPrivateKey_fa; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_52_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_52; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair with const generics @@ -129,6 +129,11 @@ typedef struct libcrux_ml_kem_types_MlKemKeyPair_3e_s { libcrux_ml_kem_types_MlKemPublicKey_52 pk; } libcrux_ml_kem_types_MlKemKeyPair_3e; +typedef struct Eurydice_slice_uint8_t_x2_s { + Eurydice_slice fst; + Eurydice_slice snd; +} Eurydice_slice_uint8_t_x2; + typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; @@ -207,11 +212,6 @@ with types uint8_t[8size_t], core_array_TryFromSliceError */ void core_result_unwrap_26_68(core_result_Result_15 self, uint8_t ret[8U]); -typedef struct Eurydice_slice_uint8_t_x2_s { - Eurydice_slice fst; - Eurydice_slice snd; -} Eurydice_slice_uint8_t_x2; - typedef struct Eurydice_slice_uint8_t_1size_t__x2_s { Eurydice_slice fst[1U]; Eurydice_slice snd[1U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index f9c9eec0c..a3d9fe40c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 7ea4e15ca..d06483fdb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "libcrux_mlkem1024_avx2.h" @@ -135,7 +135,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { } /** - Portable private key validation + Private key validation */ /** A monomorphic instance of @@ -164,7 +164,32 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( } /** - Portable public key validation + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const +generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +*/ +static KRML_MUSTINLINE bool validate_private_key_only_44( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_5e(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) { + return validate_private_key_only_44(private_key); +} + +/** + Public key validation */ /** A monomorphic instance of diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 98e9899b2..9f3b981a5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem1024_avx2_H @@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext); +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key); + /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 8c8ddab29..4d3bd9ad9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "libcrux_mlkem1024_portable.h" @@ -136,7 +136,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { } /** - Portable private key validation + Private key validation */ /** A monomorphic instance of @@ -165,7 +165,32 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( } /** - Portable public key validation + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with +const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +*/ +static KRML_MUSTINLINE bool validate_private_key_only_44( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_60(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) { + return validate_private_key_only_44(private_key); +} + +/** + Public key validation */ /** A monomorphic instance of diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 9c323c186..fb5b41a46 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem1024_portable_H @@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext); +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key); + /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index a0ed0868b..3540af74c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index b9a327fef..1b318be8c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "libcrux_mlkem512_avx2.h" @@ -135,7 +135,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { } /** - Portable private key validation + Private key validation */ /** A monomorphic instance of @@ -164,7 +164,32 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( } /** - Portable public key validation + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const +generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +*/ +static KRML_MUSTINLINE bool validate_private_key_only_49( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_4d(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_avx2_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) { + return validate_private_key_only_49(private_key); +} + +/** + Public key validation */ /** A monomorphic instance of diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 6b38fb88e..4c7acc723 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem512_avx2_H @@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext); +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_avx2_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key); + /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 298c4f14c..eb3065b12 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "libcrux_mlkem512_portable.h" @@ -136,7 +136,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { } /** - Portable private key validation + Private key validation */ /** A monomorphic instance of @@ -165,7 +165,32 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key( } /** - Portable public key validation + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with +const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +*/ +static KRML_MUSTINLINE bool validate_private_key_only_49( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_30(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) { + return validate_private_key_only_49(private_key); +} + +/** + Public key validation */ /** A monomorphic instance of diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 578f9f508..e2e4a42b2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem512_portable_H @@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext); +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key); + /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index a2acef3fa..b163bbc2e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 73864720c..14b284837 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "libcrux_mlkem768_avx2.h" @@ -135,7 +135,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { } /** - Portable private key validation + Private key validation */ /** A monomorphic instance of @@ -164,7 +164,32 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( } /** - Portable public key validation + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +*/ +static KRML_MUSTINLINE bool validate_private_key_only_41( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_avx2_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return validate_private_key_only_41(private_key); +} + +/** + Public key validation */ /** A monomorphic instance of diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 07713cf56..d1d95f92a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem768_avx2_H @@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_avx2_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key); + /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index dbed46f84..30d565fed 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "libcrux_mlkem768_portable.h" @@ -136,7 +136,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { } /** - Portable private key validation + Private key validation */ /** A monomorphic instance of @@ -165,7 +165,32 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key( } /** - Portable public key validation + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with +const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +*/ +static KRML_MUSTINLINE bool validate_private_key_only_41( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return validate_private_key_only_41(private_key); +} + +/** + Public key validation */ /** A monomorphic instance of diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index df6ee6d43..8e27d45dd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem768_portable_H @@ -58,6 +58,14 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key); + /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index ded682481..e3a605234 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "internal/libcrux_mlkem_avx2.h" @@ -135,16 +135,11 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { __m256i field_modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = - mm256_sub_epi16(/* Compute v_i - Q and crate a mask from the sign bit of - each of these quantities. */ - vector, - field_modulus); + __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); __m256i sign_mask = mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); - __m256i conditional_add_field_modulus = mm256_and_si256( - /* If v_i - Q < 0 then add back Q to (v_i - Q). */ sign_mask, - field_modulus); + __m256i conditional_add_field_modulus = + mm256_and_si256(sign_mask, field_modulus); return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } @@ -448,7 +443,6 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - /* Compute the first term of the product */ __m256i shuffle_with = mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, @@ -456,8 +450,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = - mm256_shuffle_epi8(/* Prepare the left hand side */ lhs, shuffle_with); + __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); __m256i lhs_shuffled0 = mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); @@ -465,8 +458,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m128i lhs_odds = mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = - mm256_shuffle_epi8(/* Prepare the right hand side */ rhs, shuffle_with); + __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); __m256i rhs_shuffled0 = mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); @@ -474,8 +466,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m128i rhs_odds = mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); - __m256i left = - mm256_mullo_epi32(/* Start operating with them */ lhs_evens0, rhs_evens0); + __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); @@ -488,7 +479,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( - /* Compute the second term of the product */ rhs, + rhs, mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, @@ -502,9 +493,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( products_right); __m256i products_right1 = mm256_slli_epi32((int32_t)16, products_right0, __m256i); - return mm256_blend_epi16((int32_t)170, - /* Combine them into one vector */ products_left0, - products_right1, __m256i); + return mm256_blend_epi16((int32_t)170, products_left0, products_right1, + __m256i); } /** @@ -521,44 +511,11 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = mm256_slli_epi16( - (int32_t)15, - /* Suppose |vector| is laid out as follows (superscript number indicates - the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀ - 0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least - significant bit in each lane, move it to the most significant position - to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ - d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵ - n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */ - vector, __m256i); - __m128i low_msbs = mm256_castsi256_si128( - /* Get the first 8 16-bit elements ... */ lsb_to_msb); - __m128i high_msbs = mm256_extracti128_si256( - (int32_t)1, - /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i); - __m128i msbs = - mm_packs_epi16(/* ... and then pack them into 8-bit values using signed - saturation. This function packs all the |low_msbs|, and - then the high ones. low_msbs = a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ | - e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ - l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ We shifted by 15 above - to take advantage of the signed saturation performed by - mm_packs_epi16: - if the sign bit of the 16-bit element - being packed is 1, the corresponding 8-bit element in - |msbs| will be 0xFF. - if the sign bit of the 16-bit - element being packed is 0, the corresponding 8-bit - element in |msbs| will be 0. Thus, if, for example, a₀ = - 1, e₀ = 1, and p₀ = 1, and every other bit is 0, after - packing into 8 bit value, |msbs| will look like: 0xFF - 0x00 0x00 0x00 | 0xFF 0x00 0x00 0x00 | 0x00 0x00 0x00 - 0x00 | 0x00 0x00 0x00 0xFF */ - low_msbs, - high_msbs); - int32_t bits_packed = - mm_movemask_epi8(/* Now that every element is either 0xFF or 0x00, we just - extract the most significant bit from each element and - collate them into two bytes. */ - msbs); + __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); @@ -577,19 +534,7 @@ void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index( - bytes, - /* We need to take each bit from the 2 bytes of input and put them - into their own 16-bit lane. Ideally, we'd load the two bytes into - the vector, duplicate them, and right-shift the 0th element by 0 - bits, the first element by 1 bit, the second by 2 bits and so on - before AND-ing with 0x1 to leave only the least signifinicant bit. - But since |_mm256_srlv_epi16| does not exist, so we have to resort - to a workaround. Rather than shifting each element by a different - amount, we'll multiply each element by a value such that the bit - we're interested in becomes the most significant bit. The - coefficients are loaded as follows: */ - (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), @@ -612,11 +557,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); __m256i coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return mm256_srli_epi16( - (int32_t)15, - /* Now that they're all in the most significant bit position, shift them - down to the least significant bit. */ - coefficients_in_msb, __m256i); + return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } /** @@ -630,54 +571,28 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = - mm256_madd_epi16(/* If |vector| is laid out as follows: 0x000A 0x000B - 0x000C 0x000D | 0x000E 0x000F 0x000G 0x000H | .... - |adjacent_2_combined| will be laid out as a series of - 32-bit integeres, as follows: 0x00_00_00_BA - 0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... */ - vector, - mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, - (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, - (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, - (int16_t)1)); - __m256i adjacent_8_combined = - mm256_shuffle_epi8(/* Recall that |adjacent_2_combined| goes as follows: - 0x00_00_00_BA 0x00_00_00_DC | 0x00_00_00_FE - 0x00_00_00_HG | ... Out of this, we only need the - first byte, the 4th byte, the 8th byte and so on - from the bottom and the top 128 bits. */ - adjacent_2_combined, - mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); - __m256i combined = - mm256_permutevar8x32_epi32(/* |adjacent_8_combined| looks like this: 0: - 0xHG_FE_DC_BA 1: 0x00_00_00_00 | 2: - 0x00_00_00_00 3: 0x00_00_00_00 | 4: - 0xPO_NM_LK_JI .... We put the element at 4 - after the element at 0 ... */ - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, - (int32_t)4, (int32_t)0)); + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_2_combined, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + __m256i combined = mm256_permutevar8x32_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); __m128i combined0 = mm256_castsi256_si128(combined); mm_storeu_bytes_si128( - Eurydice_array_to_slice( - (size_t)16U, - /* ... so that we can read them out in one go. */ serialized, - uint8_t), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_15 dst; Eurydice_slice_to_array2( @@ -700,24 +615,9 @@ void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index( - bytes, - /* Every 4 bits from each byte of input should be put into its own - 16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to - resort to a workaround. Rather than shifting each element by a - different amount, we'll multiply each element by a value such that - the bits we're interested in become the most significant bits (of - an 8-bit value). In this lane, the 4 bits we need to put are - already the most significant bits of |bytes[7]|. */ - (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index( - bytes, - /* In this lane, the 4 bits we need to put are the least significant - bits, so we need to shift the 4 least-significant bits of - |bytes[7]| to the most significant bits (of an 8-bit value). */ - (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, /* and so on ... */ (size_t)6U, - uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), @@ -738,12 +638,9 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); __m256i coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = mm256_srli_epi16( - (int32_t)4, - /* Once the 4-bit coefficients are in the most significant positions (of - an 8-bit value), shift them all down by 4. */ - coefficients_in_msb, __m256i); - return mm256_and_si256(/* Zero the remaining bits. */ coefficients_in_lsb, + __m256i coefficients_in_lsb = + mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); + return mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } @@ -758,78 +655,32 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = - mm256_madd_epi16(/* If |vector| is laid out as follows (superscript number - indicates the corresponding bit is duplicated that - many times): 0¹¹a₄a₃a₂a₁a₀ 0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀ - 0¹¹d₄d₃d₂d₁d₀ | ↩ 0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀ - 0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ | ↩ |adjacent_2_combined| - will be laid out as a series of 32-bit integers, as - follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ - 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ - 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... */ - vector, - mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, - (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, - (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, - (int16_t)1)); - __m256i adjacent_4_combined = - mm256_sllv_epi32(/* Recall that |adjacent_2_combined| is laid out as - follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ - 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ - 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... This shift results - in: b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | - ↩ f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ - .... */ - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = mm256_srli_epi64( - (int32_t)22, - /* |adjacent_4_combined|, when viewed as 64-bit lanes, is: - 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩ - 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift - down by 22 bits to remove the least significant 0 bits that aren't part - of the bits we need. */ - adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = mm256_shuffle_epi32( - (int32_t)8, - /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks - like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³² - 2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to - read out the bytes in one go, we need to shifts the bits in position 2 - to position 1 in each 128-bit lane. */ - adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = - mm256_sllv_epi32(/* |adjacent_8_combined|, when viewed as a set of 32-bit - values, now looks like: - 0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ - 0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 0³² 0³² | - ↩ Once again, we line these bits up by shifting the up - values at indices 0 and 5 by 12, viewing the resulting - register as a set of 64-bit values, and then shifting - down the 64-bit values by 12 bits. */ - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)12)); + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = + mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = mm256_sllv_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); __m256i adjacent_8_combined1 = mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = - mm256_castsi256_si128(/* We now have 40 bits starting at position 0 in the - lower 128-bit lane, ... */ - adjacent_8_combined1); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = mm256_extracti128_si256( - (int32_t)1, - /* ... and the second 40 bits at position 0 in the upper 128-bit lane */ - adjacent_8_combined1, __m128i); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); @@ -905,78 +756,34 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = - mm256_madd_epi16(/* If |vector| is laid out as follows (superscript number - indicates the corresponding bit is duplicated that - many times): 0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ - 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀ 0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ - 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩ 0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ - 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀ 0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ - 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ... |adjacent_2_combined| - will be laid out as a series of 32-bit integers, as - follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ - 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ - 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ - 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... - */ - vector, - mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1)); - __m256i adjacent_4_combined = - mm256_sllv_epi32(/* Shifting up the values at the even indices by 12, we - get: b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² - 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ - f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² - 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ ... */ - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12)); + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)12, - /* Viewing this as a set of 64-bit integers we get: - 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² - | ↩ - 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² - | ↩ ... Shifting down by 12 gives us: - 0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ - | ↩ - 0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ - | ↩ ... */ - adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = - mm256_shuffle_epi8(/* |adjacent_4_combined|, when the bottom and top 128 - bit-lanes are grouped into bytes, looks like: - 0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ In - each 128-bit lane, we want to put bytes 8, 9, 10, - 11, 12 after bytes 0, 1, 2, 3 to allow for - sequential reading. */ - adjacent_4_combined0, - mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, - (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, - (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - mm256_castsi256_si128(/* We now have 64 bits starting at position 0 in the - lower 128-bit lane, ... */ - adjacent_8_combined); + mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined0, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = mm256_extracti128_si256( - (int32_t)1, - /* and 64 bits starting at position 0 in the upper 128-bit lane. */ - adjacent_8_combined, __m128i); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), upper_8); @@ -1165,64 +972,26 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( __m256i field_modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can - be interpreted as a - sequence of - serialized 12-bit - (i.e. uncompressed) - coefficients. Not - all coefficients - may be less than - FIELD_MODULUS - though. */ - input); + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); __m256i compare_with_field_modulus = - mm256_cmpgt_epi16(/* Suppose we view |potential_coefficients| as follows - (grouping 64-bit elements): A B C D | E F G H | .... - and A < 3329, D < 3329 and H < 3329, - |compare_with_field_modulus| will look like: 0xFF 0 0 - 0xFF | 0 0 0 0xFF | ... */ - field_modulus, - potential_coefficients); + mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each - lane is either 0 or 1, we - only need one bit from - each lane in the register - to tell us what - coefficients to keep and - what to throw-away. - Combine all the bits - (there are 16) into two - bytes. */ - compare_with_field_modulus, + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); uint8_t lower_shuffles[16U]; memcpy(lower_shuffles, - /* Each bit (and its corresponding position) represents an element we - want to sample. We'd like all such elements to be next to each other - starting at index 0, so that they can be read from the vector - easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level - shuffling indices needed to make this happen. For e.g. if good[0] = - 0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit - lane to the first. To do this, we need the byte-level shuffle - indices to be 2 3 X X X X ... */ libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, - /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles, - uint8_t)); + __m128i lower_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); __m128i lower_coefficients0 = mm_shuffle_epi8(lower_coefficients, lower_shuffles0); - mm_storeu_si128(/* ... then write them out ... */ output, - lower_coefficients0); + mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, - /* Do the same for |goood[1]| */ libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); @@ -1556,28 +1325,20 @@ static KRML_MUSTINLINE void H_a9_e0(Eurydice_slice input, uint8_t ret[32U]) { Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - SECRET_KEY_SIZE= 2400 -- CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_12( - libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { uint8_t t[32U]; - H_a9_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly - on the types. We need to go to the - `value` directly. */ - private_key->value, - (size_t)384U * (size_t)3U, - (size_t)768U * (size_t)3U + (size_t)32U, - uint8_t), + H_a9_e0(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, @@ -1586,6 +1347,27 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_12( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_12( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -2039,10 +1821,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c1( memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_ed( copy_of_randomness0, sampled_coefficients, out); - /* Requiring more than 5 blocks to sample a ring element should be very - * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid - * failing here, we squeeze more blocks out of the state until we have enough. - */ while (true) { if (done) { break; @@ -2095,8 +1873,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c1( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)3U, - /* A[i][j] = A_transpose[j][i] */ sampled, + (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f6), libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { @@ -2317,12 +2094,7 @@ with const generics static KRML_MUSTINLINE void ntt_at_layer_7_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - step; - i++) { + for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( re->coefficients[j + step], (int16_t)-1600); @@ -2465,11 +2237,7 @@ with const generics static KRML_MUSTINLINE void poly_barrett_reduce_d6_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); @@ -2484,9 +2252,7 @@ with const generics */ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { - ntt_at_layer_7_79(/* Due to the small coefficient bound, we can skip the first - round of Montgomery reductions. */ - re); + ntt_at_layer_7_79(re); size_t zeta_i = (size_t)1U; ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U); @@ -2615,8 +2381,6 @@ with const generics static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ntt_multiply_d6_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { - /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient| - * coefficient >= 0 && coefficient < 4096)); */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_d6_79(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2657,14 +2421,9 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { for (size_t i = (size_t)0U; - i < - Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, __m256i), - __m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2698,17 +2457,10 @@ static KRML_MUSTINLINE void add_standard_error_reduce_d6_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - __m256i coefficient_normal_form = to_standard_domain_79( - self->coefficients[/* The coefficients are of the form aR^{-1} mod q, - which means calling to_montgomery_domain() on them - should return a mod q. */ - j]); + __m256i coefficient_normal_form = + to_standard_domain_79(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); @@ -2738,8 +2490,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_ab( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_d6_79(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; @@ -2815,10 +2565,7 @@ static void generate_keypair_unpacked_221( IndCpaPrivateKeyUnpacked_63 *private_key, IndCpaPublicKeyUnpacked_63 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for - ML-KEM */ - key_generation_seed, - hashed); + cpa_keygen_seed_d8_be(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2848,8 +2595,8 @@ static void generate_keypair_unpacked_221( sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); - compute_As_plus_e_ab(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, - public_key->A, private_key->secret_as_ntt, error_as_ntt); + compute_As_plus_e_ab(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -2858,31 +2605,27 @@ static void generate_keypair_unpacked_221( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 - RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_bb1( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_63 private_key = default_1a_ab(); - IndCpaPublicKeyUnpacked_63 public_key = default_8d_ab(); - generate_keypair_unpacked_221(key_generation_seed, &private_key, &public_key); +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +serialize_unpacked_secret_key_8c(IndCpaPublicKeyUnpacked_63 *public_key, + IndCpaPrivateKeyUnpacked_63 *private_key) { uint8_t public_key_serialized[1184U]; serialize_public_key_ed( - /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ed( - /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, - secret_key_serialized); + serialize_secret_key_ed(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2899,22 +2642,41 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_bb1( return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_bb1( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_63 private_key = default_1a_ab(); + IndCpaPublicKeyUnpacked_63 public_key = default_8d_ab(); + generate_keypair_unpacked_221(key_generation_seed, &private_key, &public_key); + return serialize_unpacked_secret_key_8c(&public_key, &private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_ae( +static KRML_MUSTINLINE void serialize_kem_secret_key_mut_ae( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -2923,7 +2685,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ae( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -2933,13 +2695,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ae( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_a9_e0(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + H_a9_e0(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -2948,6 +2711,24 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ae( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_ae( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + serialize_kem_secret_key_mut_ae(private_key, public_key, + implicit_rejection_value, out); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -3053,6 +2834,42 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_98( } } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static void build_unpacked_public_key_mut_fa1( + Eurydice_slice public_key, + IndCpaPublicKeyUnpacked_63 *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t); + deserialize_ring_elements_reduced_98(uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + sample_matrix_A_6c1(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static IndCpaPublicKeyUnpacked_63 build_unpacked_public_key_fa1( + Eurydice_slice public_key) { + IndCpaPublicKeyUnpacked_63 unpacked_public_key = default_8d_ab(); + build_unpacked_public_key_mut_fa1(public_key, &unpacked_public_key); + return unpacked_public_key; +} + /** Sample a vector of ring elements from a centered binomial distribution. */ @@ -3214,13 +3031,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_79( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; - i0 < (size_t)128U >> - (uint32_t) /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - layer; - i0++) { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; @@ -3251,10 +3062,7 @@ with const generics static KRML_MUSTINLINE void invert_ntt_montgomery_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1_79(&zeta_i, re); invert_ntt_at_layer_2_79(&zeta_i, re); invert_ntt_at_layer_3_79(&zeta_i, re); @@ -3280,11 +3088,7 @@ static KRML_MUSTINLINE void add_error_reduce_d6_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( @@ -3397,26 +3201,8 @@ add_message_error_reduce_d6_79( __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients - [/* FIXME: Eurydice crashes with: Warning 11: in top-level - declaration - libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: - this expression is not Low*; the enclosing function cannot be - translated into C*: let mutable ret(Mark.Present,(Mark.AtMost - 2), ): int16_t[16size_t] = $any in - libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add - ((@9: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] - &(((@8: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) - @0; @0 Warning 11 is fatal, exiting. On the following code: - ```rust result.coefficients[i] = - Vector::barrett_reduce(Vector::add( coefficient_normal_form, - &Vector::add(self.coefficients[i], &message.coefficients[i]), - )); ``` */ - i0], - &message->coefficients[i0]); + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = @@ -3464,18 +3250,8 @@ compress_ciphertext_coefficient_ef(__m256i vector) { __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - __m128i coefficients_low = - mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take - the bottom 128 bits, i.e. the first 8 16-bit - coefficients */ - vector); - __m256i coefficients_low0 = - mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A - coefficients_low[16:31] = B - coefficients_low[32:63] = C and so on ... after - this step: coefficients_low[0:31] = A - coefficients_low[32:63] = B and so on ... */ - coefficients_low); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); __m256i compressed_low0 = @@ -3483,18 +3259,12 @@ compress_ciphertext_coefficient_ef(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); @@ -3507,20 +3277,8 @@ compress_ciphertext_coefficient_ef(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - compressed_low3, - compressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3574,18 +3332,8 @@ compress_ciphertext_coefficient_c4(__m256i vector) { __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - __m128i coefficients_low = - mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take - the bottom 128 bits, i.e. the first 8 16-bit - coefficients */ - vector); - __m256i coefficients_low0 = - mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A - coefficients_low[16:31] = B - coefficients_low[32:63] = C and so on ... after - this step: coefficients_low[0:31] = A - coefficients_low[32:63] = B and so on ... */ - coefficients_low); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); __m256i compressed_low0 = @@ -3593,18 +3341,12 @@ compress_ciphertext_coefficient_c4(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); @@ -3617,20 +3359,8 @@ compress_ciphertext_coefficient_c4(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - compressed_low3, - compressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3684,15 +3414,9 @@ static void compress_then_serialize_u_8c( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, - i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * - ((size_t)960U / (size_t)3U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_a4(&re, ret); Eurydice_slice_copy( @@ -3714,18 +3438,8 @@ compress_ciphertext_coefficient_d1(__m256i vector) { __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - __m128i coefficients_low = - mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take - the bottom 128 bits, i.e. the first 8 16-bit - coefficients */ - vector); - __m256i coefficients_low0 = - mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A - coefficients_low[16:31] = B - coefficients_low[32:63] = C and so on ... after - this step: coefficients_low[0:31] = A - coefficients_low[32:63] = B and so on ... */ - coefficients_low); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); __m256i compressed_low0 = @@ -3733,18 +3447,12 @@ compress_ciphertext_coefficient_d1(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); @@ -3757,20 +3465,8 @@ compress_ciphertext_coefficient_d1(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - compressed_low3, - compressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3796,11 +3492,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = compress_ea_d1(to_unsigned_representative_79(re.coefficients[i0])); @@ -3827,18 +3519,8 @@ compress_ciphertext_coefficient_f4(__m256i vector) { __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - __m128i coefficients_low = - mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take - the bottom 128 bits, i.e. the first 8 16-bit - coefficients */ - vector); - __m256i coefficients_low0 = - mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A - coefficients_low[16:31] = B - coefficients_low[32:63] = C and so on ... after - this step: coefficients_low[0:31] = A - coefficients_low[32:63] = B and so on ... */ - coefficients_low); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); __m256i compressed_low0 = @@ -3846,18 +3528,12 @@ compress_ciphertext_coefficient_f4(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); @@ -3870,20 +3546,8 @@ compress_ciphertext_coefficient_f4(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - compressed_low3, - compressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3909,11 +3573,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = compress_ea_f4(to_unsigned_representative_79(re.coefficients[i0])); @@ -4001,11 +3661,7 @@ static void encrypt_unpacked_741(IndCpaPublicKeyUnpacked_63 *public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, - prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4017,7 +3673,6 @@ static void encrypt_unpacked_741(IndCpaPublicKeyUnpacked_63 *public_key, uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_23 uu____3 = sample_ring_element_cbd_b41(copy_of_prf_input, domain_separator0); @@ -4026,7 +3681,7 @@ static void encrypt_unpacked_741(IndCpaPublicKeyUnpacked_63 *public_key, error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF_a9_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -4034,11 +3689,9 @@ static void encrypt_unpacked_741(IndCpaPublicKeyUnpacked_63 *public_key, sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U]; - compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, - r_as_ntt, error_1, u); + compute_vector_u_ab(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element = deserialize_then_decompress_message_79(copy_of_message); @@ -4047,14 +3700,12 @@ static void encrypt_unpacked_741(IndCpaPublicKeyUnpacked_63 *public_key, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); compress_then_serialize_u_8c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v; compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, @@ -4081,29 +3732,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_741(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_63 unpacked_public_key = default_8d_ab(); - deserialize_ring_elements_reduced_98( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)1152U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, - (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[3U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - sample_matrix_A_6c1(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_63 *uu____1 = &unpacked_public_key; + IndCpaPublicKeyUnpacked_63 unpacked_public_key = + build_unpacked_public_key_fa1(public_key); + IndCpaPublicKeyUnpacked_63 *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_741(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t ret0[1088U]; + encrypt_unpacked_741(uu____0, copy_of_message, randomness, ret0); + memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t)); } /** @@ -4261,8 +3898,7 @@ decompress_ciphertext_coefficient_ef(__m256i vector) { mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = mm256_castsi256_si128( - /* ---- Compress the first 8 coefficients ---- */ vector); + __m128i coefficients_low = mm256_castsi256_si128(vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); @@ -4270,16 +3906,12 @@ decompress_ciphertext_coefficient_ef(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = mm256_srli_epi32( - (int32_t)10, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); @@ -4287,27 +3919,12 @@ decompress_ciphertext_coefficient_ef(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = mm256_srli_epi32( - (int32_t)10, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - decompressed_low3, - decompressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4356,8 +3973,7 @@ decompress_ciphertext_coefficient_c4(__m256i vector) { mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = mm256_castsi256_si128( - /* ---- Compress the first 8 coefficients ---- */ vector); + __m128i coefficients_low = mm256_castsi256_si128(vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); @@ -4365,16 +3981,12 @@ decompress_ciphertext_coefficient_c4(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = mm256_srli_epi32( - (int32_t)11, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); @@ -4382,27 +3994,12 @@ decompress_ciphertext_coefficient_c4(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = mm256_srli_epi32( - (int32_t)11, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - decompressed_low3, - decompressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4524,8 +4121,7 @@ decompress_ciphertext_coefficient_d1(__m256i vector) { mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = mm256_castsi256_si128( - /* ---- Compress the first 8 coefficients ---- */ vector); + __m128i coefficients_low = mm256_castsi256_si128(vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); @@ -4533,16 +4129,12 @@ decompress_ciphertext_coefficient_d1(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = mm256_srli_epi32( - (int32_t)4, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); @@ -4550,27 +4142,12 @@ decompress_ciphertext_coefficient_d1(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = mm256_srli_epi32( - (int32_t)4, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - decompressed_low3, - decompressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4619,8 +4196,7 @@ decompress_ciphertext_coefficient_f4(__m256i vector) { mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = mm256_castsi256_si128( - /* ---- Compress the first 8 coefficients ---- */ vector); + __m128i coefficients_low = mm256_castsi256_si128(vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); @@ -4628,16 +4204,12 @@ decompress_ciphertext_coefficient_f4(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = mm256_srli_epi32( - (int32_t)5, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); @@ -4645,27 +4217,12 @@ decompress_ciphertext_coefficient_f4(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = mm256_srli_epi32( - (int32_t)5, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, - this function results in: 0: low low low low | 1: - high high high high | 2: low low low low | 3: high - high high high where each |low| and |high| is a - 16-bit element */ - decompressed_low3, - decompressed_high3); - return mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4829,14 +4386,11 @@ with const generics static void decrypt_unpacked_2f(IndCpaPrivateKeyUnpacked_63 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U]; - deserialize_then_decompress_u_ed( - /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + deserialize_then_decompress_u_ed(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = deserialize_then_decompress_ring_element_v_42( - Eurydice_array_to_subslice_from( - (size_t)1088U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)960U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message = compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -4857,8 +4411,7 @@ with const generics static void decrypt_2f(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U]; - deserialize_secret_key_ab(/* sˆ := Decode_12(sk) */ secret_key, - secret_as_ntt); + deserialize_secret_key_ab(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U]; memcpy( @@ -4924,20 +4477,13 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_a11( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; decrypt_2f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; @@ -4950,28 +4496,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_a11( ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_a9_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_741(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_741(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_ae(Eurydice_array_to_slice((size_t)32U, @@ -5173,28 +4719,20 @@ static KRML_MUSTINLINE void H_a9_ac(Eurydice_slice input, uint8_t ret[32U]) { Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - SECRET_KEY_SIZE= 3168 -- CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_b9( - libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_only_5e( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) { uint8_t t[32U]; - H_a9_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly - on the types. We need to go to the - `value` directly. */ - private_key->value, - (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, - uint8_t), + H_a9_ac(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, @@ -5203,6 +4741,27 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_b9( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_b9( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_5e(private_key); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -5646,10 +5205,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c( memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_78( copy_of_randomness0, sampled_coefficients, out); - /* Requiring more than 5 blocks to sample a ring element should be very - * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid - * failing here, we squeeze more blocks out of the state until we have enough. - */ while (true) { if (done) { break; @@ -5702,8 +5257,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)4U, - /* A[i][j] = A_transpose[j][i] */ sampled, + (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f6), libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { @@ -5865,14 +5419,9 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { for (size_t i = (size_t)0U; - i < - Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, __m256i), - __m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -5903,8 +5452,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_42( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_d6_79(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; @@ -5980,10 +5527,7 @@ static void generate_keypair_unpacked_22( IndCpaPrivateKeyUnpacked_39 *private_key, IndCpaPublicKeyUnpacked_39 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_6a(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for - ML-KEM */ - key_generation_seed, - hashed); + cpa_keygen_seed_d8_6a(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6013,8 +5557,8 @@ static void generate_keypair_unpacked_22( sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); - compute_As_plus_e_42(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, - public_key->A, private_key->secret_as_ntt, error_as_ntt); + compute_As_plus_e_42(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -6023,31 +5567,27 @@ static void generate_keypair_unpacked_22( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - PRIVATE_KEY_SIZE= 1536 - PUBLIC_KEY_SIZE= 1568 - RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_bb0( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_39 private_key = default_1a_42(); - IndCpaPublicKeyUnpacked_39 public_key = default_8d_42(); - generate_keypair_unpacked_22(key_generation_seed, &private_key, &public_key); +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +serialize_unpacked_secret_key_c9(IndCpaPublicKeyUnpacked_39 *public_key, + IndCpaPrivateKeyUnpacked_39 *private_key) { uint8_t public_key_serialized[1568U]; serialize_public_key_1e( - /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_78( - /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, - secret_key_serialized); + serialize_secret_key_78(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6064,22 +5604,41 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_bb0( return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_bb0( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_39 private_key = default_1a_42(); + IndCpaPublicKeyUnpacked_39 public_key = default_8d_42(); + generate_keypair_unpacked_22(key_generation_seed, &private_key, &public_key); + return serialize_unpacked_secret_key_c9(&public_key, &private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5e( +static KRML_MUSTINLINE void serialize_kem_secret_key_mut_5e( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -6088,7 +5647,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -6098,13 +5657,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_a9_ac(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + H_a9_ac(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -6113,6 +5673,24 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_5e( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + serialize_kem_secret_key_mut_5e(private_key, public_key, + implicit_rejection_value, out); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -6218,6 +5796,42 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3c( } } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- T_AS_NTT_ENCODED_SIZE= 1536 +*/ +static void build_unpacked_public_key_mut_fa0( + Eurydice_slice public_key, + IndCpaPublicKeyUnpacked_39 *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t); + deserialize_ring_elements_reduced_3c(uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[4U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + sample_matrix_A_6c(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- T_AS_NTT_ENCODED_SIZE= 1536 +*/ +static IndCpaPublicKeyUnpacked_39 build_unpacked_public_key_fa0( + Eurydice_slice public_key) { + IndCpaPublicKeyUnpacked_39 unpacked_public_key = default_8d_42(); + build_unpacked_public_key_mut_fa0(public_key, &unpacked_public_key); + return unpacked_public_key; +} + /** Sample a vector of ring elements from a centered binomial distribution. */ @@ -6289,10 +5903,7 @@ with const generics static KRML_MUSTINLINE void invert_ntt_montgomery_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1_79(&zeta_i, re); invert_ntt_at_layer_2_79(&zeta_i, re); invert_ntt_at_layer_3_79(&zeta_i, re); @@ -6437,15 +6048,9 @@ static void compress_then_serialize_u_c9( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, - i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * - ((size_t)1408U / (size_t)4U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; compress_then_serialize_ring_element_u_6f(&re, ret); Eurydice_slice_copy( @@ -6527,11 +6132,7 @@ static void encrypt_unpacked_74(IndCpaPublicKeyUnpacked_39 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, - prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6543,7 +6144,6 @@ static void encrypt_unpacked_74(IndCpaPublicKeyUnpacked_39 *public_key, uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_dd uu____3 = sample_ring_element_cbd_b4(copy_of_prf_input, domain_separator0); @@ -6552,7 +6152,7 @@ static void encrypt_unpacked_74(IndCpaPublicKeyUnpacked_39 *public_key, error_1, uu____3.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF_a9_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -6560,11 +6160,9 @@ static void encrypt_unpacked_74(IndCpaPublicKeyUnpacked_39 *public_key, sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[4U]; - compute_vector_u_42(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, - r_as_ntt, error_1, u); + compute_vector_u_42(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element = deserialize_then_decompress_message_79(copy_of_message); @@ -6573,14 +6171,12 @@ static void encrypt_unpacked_74(IndCpaPublicKeyUnpacked_39 *public_key, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[4U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); compress_then_serialize_u_c9( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v; compress_then_serialize_ring_element_v_ff( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, @@ -6607,29 +6203,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_740(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_39 unpacked_public_key = default_8d_42(); - deserialize_ring_elements_reduced_3c( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)1536U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, - (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[4U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - sample_matrix_A_6c(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_39 *uu____1 = &unpacked_public_key; + IndCpaPublicKeyUnpacked_39 unpacked_public_key = + build_unpacked_public_key_fa0(public_key); + IndCpaPublicKeyUnpacked_39 *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_74(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + uint8_t ret0[1568U]; + encrypt_unpacked_74(uu____0, copy_of_message, randomness, ret0); + memcpy(ret, ret0, (size_t)1568U * sizeof(uint8_t)); } /** @@ -6904,14 +6486,11 @@ with const generics static void decrypt_unpacked_37(IndCpaPrivateKeyUnpacked_39 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U]; - deserialize_then_decompress_u_1e( - /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + deserialize_then_decompress_u_1e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = deserialize_then_decompress_ring_element_v_b4( - Eurydice_array_to_subslice_from( - (size_t)1568U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)1408U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message = compute_message_42(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -6932,8 +6511,7 @@ with const generics static void decrypt_37(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U]; - deserialize_secret_key_42(/* sˆ := Decode_12(sk) */ secret_key, - secret_as_ntt); + deserialize_secret_key_42(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[4U]; memcpy( @@ -6987,20 +6565,13 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_a10( libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_1f( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; decrypt_37(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; @@ -7013,28 +6584,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_a10( ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_a9_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_af(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_af(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_740(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_740(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_5e(Eurydice_array_to_slice((size_t)32U, @@ -7236,28 +6807,20 @@ static KRML_MUSTINLINE void H_a9_fd(Eurydice_slice input, uint8_t ret[32U]) { Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - SECRET_KEY_SIZE= 1632 -- CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ad( - libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_only_4d( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) { uint8_t t[32U]; - H_a9_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly - on the types. We need to go to the - `value` directly. */ - private_key->value, - (size_t)384U * (size_t)2U, - (size_t)768U * (size_t)2U + (size_t)32U, - uint8_t), + H_a9_fd(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, @@ -7266,6 +6829,27 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_ad( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_ad( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_4d(private_key); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -7683,10 +7267,6 @@ static KRML_MUSTINLINE void sample_from_xof_6c0( memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_29( copy_of_randomness0, sampled_coefficients, out); - /* Requiring more than 5 blocks to sample a ring element should be very - * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid - * failing here, we squeeze more blocks out of the state until we have enough. - */ while (true) { if (done) { break; @@ -7739,8 +7319,7 @@ static KRML_MUSTINLINE void sample_matrix_A_6c0( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)2U, - /* A[i][j] = A_transpose[j][i] */ sampled, + (size_t)2U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f6), libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { @@ -7907,14 +7486,9 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_89( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { for (size_t i = (size_t)0U; - i < - Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, __m256i), - __m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7945,8 +7519,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_89( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_d6_79(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; @@ -8022,10 +7594,7 @@ static void generate_keypair_unpacked_220( IndCpaPrivateKeyUnpacked_94 *private_key, IndCpaPublicKeyUnpacked_94 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_f8(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for - ML-KEM */ - key_generation_seed, - hashed); + cpa_keygen_seed_d8_f8(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8055,8 +7624,8 @@ static void generate_keypair_unpacked_220( sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); - compute_As_plus_e_89(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, - public_key->A, private_key->secret_as_ntt, error_as_ntt); + compute_As_plus_e_89(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -8065,31 +7634,27 @@ static void generate_keypair_unpacked_220( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - PRIVATE_KEY_SIZE= 768 - PUBLIC_KEY_SIZE= 800 - RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_bb( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_94 private_key = default_1a_89(); - IndCpaPublicKeyUnpacked_94 public_key = default_8d_89(); - generate_keypair_unpacked_220(key_generation_seed, &private_key, &public_key); +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +serialize_unpacked_secret_key_2d(IndCpaPublicKeyUnpacked_94 *public_key, + IndCpaPrivateKeyUnpacked_94 *private_key) { uint8_t public_key_serialized[800U]; serialize_public_key_ba( - /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_29( - /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, - secret_key_serialized); + serialize_secret_key_29(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8106,22 +7671,41 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_bb( return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_bb( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_94 private_key = default_1a_89(); + IndCpaPublicKeyUnpacked_94 public_key = default_8d_89(); + generate_keypair_unpacked_220(key_generation_seed, &private_key, &public_key); + return serialize_unpacked_secret_key_2d(&public_key, &private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_4d( +static KRML_MUSTINLINE void serialize_kem_secret_key_mut_4d( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -8130,7 +7714,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4d( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -8140,13 +7724,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4d( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_a9_fd(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + H_a9_fd(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -8155,6 +7740,24 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_4d( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_4d( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + serialize_kem_secret_key_mut_4d(private_key, public_key, + implicit_rejection_value, out); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -8260,6 +7863,42 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_09( } } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- T_AS_NTT_ENCODED_SIZE= 768 +*/ +static void build_unpacked_public_key_mut_fa( + Eurydice_slice public_key, + IndCpaPublicKeyUnpacked_94 *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t); + deserialize_ring_elements_reduced_09(uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[2U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + sample_matrix_A_6c0(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- T_AS_NTT_ENCODED_SIZE= 768 +*/ +static IndCpaPublicKeyUnpacked_94 build_unpacked_public_key_fa( + Eurydice_slice public_key) { + IndCpaPublicKeyUnpacked_94 unpacked_public_key = default_8d_89(); + build_unpacked_public_key_mut_fa(public_key, &unpacked_public_key); + return unpacked_public_key; +} + /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics @@ -8377,10 +8016,7 @@ with const generics static KRML_MUSTINLINE void invert_ntt_montgomery_89( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1_79(&zeta_i, re); invert_ntt_at_layer_2_79(&zeta_i, re); invert_ntt_at_layer_3_79(&zeta_i, re); @@ -8487,15 +8123,9 @@ static void compress_then_serialize_u_2d( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, - i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * - ((size_t)640U / (size_t)2U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_a4(&re, ret); Eurydice_slice_copy( @@ -8565,11 +8195,7 @@ static void encrypt_unpacked_740(IndCpaPublicKeyUnpacked_94 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, - prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8581,7 +8207,6 @@ static void encrypt_unpacked_740(IndCpaPublicKeyUnpacked_94 *public_key, uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_40 uu____3 = sample_ring_element_cbd_b40(copy_of_prf_input, domain_separator0); @@ -8590,7 +8215,7 @@ static void encrypt_unpacked_740(IndCpaPublicKeyUnpacked_94 *public_key, error_1, uu____3.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF_a9_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -8598,11 +8223,9 @@ static void encrypt_unpacked_740(IndCpaPublicKeyUnpacked_94 *public_key, sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[2U]; - compute_vector_u_89(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, - r_as_ntt, error_1, u); + compute_vector_u_89(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element = deserialize_then_decompress_message_79(copy_of_message); @@ -8611,14 +8234,12 @@ static void encrypt_unpacked_740(IndCpaPublicKeyUnpacked_94 *public_key, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[2U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); compress_then_serialize_u_2d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v; compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, @@ -8645,29 +8266,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_74(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_94 unpacked_public_key = default_8d_89(); - deserialize_ring_elements_reduced_09( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)768U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, - (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[2U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - sample_matrix_A_6c0(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_94 *uu____1 = &unpacked_public_key; + IndCpaPublicKeyUnpacked_94 unpacked_public_key = + build_unpacked_public_key_fa(public_key); + IndCpaPublicKeyUnpacked_94 *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_740(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + uint8_t ret0[768U]; + encrypt_unpacked_740(uu____0, copy_of_message, randomness, ret0); + memcpy(ret, ret0, (size_t)768U * sizeof(uint8_t)); } /** @@ -8901,14 +8508,11 @@ with const generics static void decrypt_unpacked_4b(IndCpaPrivateKeyUnpacked_94 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U]; - deserialize_then_decompress_u_ba( - /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + deserialize_then_decompress_u_ba(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = deserialize_then_decompress_ring_element_v_42( - Eurydice_array_to_subslice_from( - (size_t)768U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)640U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message = compute_message_89(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -8929,8 +8533,7 @@ with const generics static void decrypt_4b(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U]; - deserialize_secret_key_89(/* sˆ := Decode_12(sk) */ secret_key, - secret_as_ntt); + deserialize_secret_key_89(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[2U]; memcpy( @@ -8984,20 +8587,13 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_a1( libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_0c( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; decrypt_4b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; @@ -9010,28 +8606,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_a1( ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_a9_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_74(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_74(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_4d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e2801fb3e..91e449b9f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 97d4af087..4d296b95a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "internal/libcrux_mlkem_portable.h" @@ -1012,13 +1012,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { - int32_t t = - (int32_t) /* hax_debug_assert!( i32::from(value) > -BARRETT_R && - i32::from(value) < BARRETT_R, "value is {value}" ); */ - value - - * LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); int16_t quotient = (int16_t)(t >> (uint32_t) @@ -1066,12 +1062,7 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = - (int32_t)(int16_t) /* hax_debug_assert!( value >= -FIELD_MODULUS * - MONTGOMERY_R && value <= FIELD_MODULUS * - MONTGOMERY_R, "value is {value}" ); */ - value - - * + (int32_t)(int16_t)value * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; int32_t k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -1152,29 +1143,11 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( */ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { - int16_t shifted = - (int16_t)1664 - - (int16_t) /* The approach used here is inspired by: - https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150 - If 833 <= fe <= 2496, then -832 <= shifted <= 831 */ - fe; - int16_t mask = - /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) = - -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive - <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so - if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */ - shifted - - >> 15U; + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(/* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which - means the most significant bit of - shifted_positive_in_range will be 1. */ - shifted_positive_in_range - - >> 15U & - (int16_t)1); + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1203,26 +1176,12 @@ libcrux_ml_kem_vector_portable_compress_1_0d( KRML_MUSTINLINE uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value) { - return - /* hax_debug_assert!(n == 4 || n == 5 || n == 10 || n == 11 || n == - MONTGOMERY_SHIFT); */ - value - - & ((1U << (uint32_t)n) - 1U); + return value & ((1U << (uint32_t)n) - 1U); } int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = - (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits - == 5 || coefficient_bits == 10 || coefficient_bits == 11 ); - hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to - be constant time due to: - https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ - */ - fe - - << (uint32_t)coefficient_bits; + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; @@ -1921,11 +1880,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); - /* Here we could also do, the following, but it slows F* down: [r0_4.0, - * r0_4.1, r0_4.2, r0_4.3, r0_4.4, r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4, - * r10_14.0, r10_14.1, r10_14.2, r10_14.3, r10_14.4, r15_19.0, r15_19.1, - * r15_19.2, r15_19.3, r15_19.4 ] If we can fix the F* for this, the code - * would be more compact. */ uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -2591,28 +2545,20 @@ static KRML_MUSTINLINE void H_f1_ac(Eurydice_slice input, uint8_t ret[32U]) { Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 - SECRET_KEY_SIZE= 3168 -- CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_b5( - libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_only_60( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key) { uint8_t t[32U]; - H_f1_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly - on the types. We need to go to the - `value` directly. */ - private_key->value, - (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, - uint8_t), + H_f1_ac(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, @@ -2621,6 +2567,27 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_b5( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_b5( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_60(private_key); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -3080,10 +3047,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b( memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_ff( copy_of_randomness0, sampled_coefficients, out); - /* Requiring more than 5 blocks to sample a ring element should be very - * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid - * failing here, we squeeze more blocks out of the state until we have enough. - */ while (true) { if (done) { break; @@ -3137,8 +3100,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)4U, - /* A[i][j] = A_transpose[j][i] */ sampled, + (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { @@ -3342,12 +3304,7 @@ with const generics static KRML_MUSTINLINE void ntt_at_layer_7_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - step; - i++) { + for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( @@ -3505,11 +3462,7 @@ with const generics static KRML_MUSTINLINE void poly_barrett_reduce_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -3526,9 +3479,7 @@ with const generics */ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { - ntt_at_layer_7_8c(/* Due to the small coefficient bound, we can skip the first - round of Montgomery reductions. */ - re); + ntt_at_layer_7_8c(re); size_t zeta_i = (size_t)1U; ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); @@ -3659,8 +3610,6 @@ with const generics static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d ntt_multiply_d6_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { - /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient| - * coefficient >= 0 && coefficient < 4096)); */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3705,11 +3654,7 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_d0( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, + (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { @@ -3749,18 +3694,10 @@ static KRML_MUSTINLINE void add_standard_error_reduce_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_8c( - self->coefficients[/* The coefficients are of the form aR^{-1} mod - q, which means calling to_montgomery_domain() - on them should return a mod q. */ - j]); + coefficient_normal_form = to_standard_domain_8c(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3792,8 +3729,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_d0( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_d6_8c(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; @@ -3869,10 +3804,7 @@ static void generate_keypair_unpacked_1c( IndCpaPrivateKeyUnpacked_af *private_key, IndCpaPublicKeyUnpacked_af *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_03(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for - ML-KEM */ - key_generation_seed, - hashed); + cpa_keygen_seed_d8_03(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3902,8 +3834,8 @@ static void generate_keypair_unpacked_1c( sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); - compute_As_plus_e_d0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, - public_key->A, private_key->secret_as_ntt, error_as_ntt); + compute_As_plus_e_d0(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -3912,31 +3844,27 @@ static void generate_keypair_unpacked_1c( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 4 - PRIVATE_KEY_SIZE= 1536 - PUBLIC_KEY_SIZE= 1568 - RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_151( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_af private_key = default_1a_d0(); - IndCpaPublicKeyUnpacked_af public_key = default_8d_d0(); - generate_keypair_unpacked_1c(key_generation_seed, &private_key, &public_key); +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +serialize_unpacked_secret_key_2f(IndCpaPublicKeyUnpacked_af *public_key, + IndCpaPrivateKeyUnpacked_af *private_key) { uint8_t public_key_serialized[1568U]; serialize_public_key_00( - /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ff( - /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, - secret_key_serialized); + serialize_secret_key_ff(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3953,22 +3881,41 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_151( return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_151( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_af private_key = default_1a_d0(); + IndCpaPublicKeyUnpacked_af public_key = default_8d_d0(); + generate_keypair_unpacked_1c(key_generation_seed, &private_key, &public_key); + return serialize_unpacked_secret_key_2f(&public_key, &private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_60( +static KRML_MUSTINLINE void serialize_kem_secret_key_mut_60( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -3977,7 +3924,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_60( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -3987,13 +3934,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_60( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_f1_ac(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + H_f1_ac(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -4002,6 +3950,24 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_60( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_60( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + serialize_kem_secret_key_mut_60(private_key, public_key, + implicit_rejection_value, out); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -4107,6 +4073,44 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0d( } } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics +- K= 4 +- T_AS_NTT_ENCODED_SIZE= 1536 +*/ +static void build_unpacked_public_key_mut_3f( + Eurydice_slice public_key, + IndCpaPublicKeyUnpacked_af *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t); + deserialize_ring_elements_reduced_0d(uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[4U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + sample_matrix_A_2b(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics +- K= 4 +- T_AS_NTT_ENCODED_SIZE= 1536 +*/ +static IndCpaPublicKeyUnpacked_af build_unpacked_public_key_3f1( + Eurydice_slice public_key) { + IndCpaPublicKeyUnpacked_af unpacked_public_key = default_8d_d0(); + build_unpacked_public_key_mut_3f(public_key, &unpacked_public_key); + return unpacked_public_key; +} + /** Sample a vector of ring elements from a centered binomial distribution. */ @@ -4276,13 +4280,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; - i0 < (size_t)128U >> - (uint32_t) /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - layer; - i0++) { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; @@ -4313,10 +4311,7 @@ with const generics static KRML_MUSTINLINE void invert_ntt_montgomery_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1_8c(&zeta_i, re); invert_ntt_at_layer_2_8c(&zeta_i, re); invert_ntt_at_layer_3_8c(&zeta_i, re); @@ -4342,11 +4337,7 @@ static KRML_MUSTINLINE void add_error_reduce_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = @@ -4468,27 +4459,8 @@ add_message_error_reduce_d6_8c( libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( result.coefficients[i0], (int16_t)1441); libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp = - libcrux_ml_kem_vector_portable_add_0d( - self->coefficients[/* FIXME: Eurydice crashes with: Warning 11: in - top-level declaration - libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: - this expression is not Low*; the enclosing - function cannot be translated into C*: let - mutable ret(Mark.Present,(Mark.AtMost 2), ): - int16_t[16size_t] = $any in - libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add - ((@9: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] - &(((@8: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) - @0; @0 Warning 11 is fatal, exiting. On the - following code: ```rust result.coefficients[i] - = Vector::barrett_reduce(Vector::add( - coefficient_normal_form, - &Vector::add(self.coefficients[i], - &message.coefficients[i]), )); ``` */ - i0], - &message->coefficients[i0]); + libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0], + &message->coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 = libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4649,15 +4621,9 @@ static void compress_then_serialize_u_2f( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, - i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * - ((size_t)1408U / (size_t)4U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; compress_then_serialize_ring_element_u_82(&re, ret); Eurydice_slice_copy( @@ -4707,11 +4673,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress_0d_d1(to_unsigned_representative_8c(re.coefficients[i0])); @@ -4766,11 +4728,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = compress_0d_f4(to_unsigned_representative_8c(re.coefficients[i0])); @@ -4858,11 +4816,7 @@ static void encrypt_unpacked_2a(IndCpaPublicKeyUnpacked_af *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, - prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4874,7 +4828,6 @@ static void encrypt_unpacked_2a(IndCpaPublicKeyUnpacked_af *public_key, uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_dd0 uu____3 = sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0); @@ -4883,7 +4836,7 @@ static void encrypt_unpacked_2a(IndCpaPublicKeyUnpacked_af *public_key, error_1, uu____3.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF_f1_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -4891,11 +4844,9 @@ static void encrypt_unpacked_2a(IndCpaPublicKeyUnpacked_af *public_key, sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[4U]; - compute_vector_u_d0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, - r_as_ntt, error_1, u); + compute_vector_u_d0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = deserialize_then_decompress_message_8c(copy_of_message); @@ -4904,14 +4855,12 @@ static void encrypt_unpacked_2a(IndCpaPublicKeyUnpacked_af *public_key, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[4U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); compress_then_serialize_u_2f( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v; compress_then_serialize_ring_element_v_8e( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, @@ -4939,29 +4888,15 @@ generics */ static void encrypt_2a1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_af unpacked_public_key = default_8d_d0(); - deserialize_ring_elements_reduced_0d( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)1536U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, - (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[4U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - sample_matrix_A_2b(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_af *uu____1 = &unpacked_public_key; + IndCpaPublicKeyUnpacked_af unpacked_public_key = + build_unpacked_public_key_3f1(public_key); + IndCpaPublicKeyUnpacked_af *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_2a(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + uint8_t ret0[1568U]; + encrypt_unpacked_2a(uu____0, copy_of_message, randomness, ret0); + memcpy(ret, ret0, (size_t)1568U * sizeof(uint8_t)); } /** @@ -5119,11 +5054,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -5183,11 +5114,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -5320,11 +5247,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -5384,11 +5307,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -5569,14 +5488,11 @@ with const generics static void decrypt_unpacked_7d(IndCpaPrivateKeyUnpacked_af *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U]; - deserialize_then_decompress_u_00( - /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + deserialize_then_decompress_u_00(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = deserialize_then_decompress_ring_element_v_9f( - Eurydice_array_to_subslice_from( - (size_t)1568U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)1408U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = compute_message_d0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -5597,8 +5513,7 @@ with const generics static void decrypt_7d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U]; - deserialize_secret_key_d0(/* sˆ := Decode_12(sk) */ secret_key, - secret_as_ntt); + deserialize_secret_key_d0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[4U]; memcpy( @@ -5664,20 +5579,13 @@ libcrux_ml_kem_variant_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_621( libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_1f( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; decrypt_7d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; @@ -5690,28 +5598,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_621( ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_f1_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_af(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_af(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_2a1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_2a1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_60(Eurydice_array_to_slice((size_t)32U, @@ -5913,28 +5821,20 @@ static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 - SECRET_KEY_SIZE= 1632 -- CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fb( - libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_only_30( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key) { uint8_t t[32U]; - H_f1_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly - on the types. We need to go to the - `value` directly. */ - private_key->value, - (size_t)384U * (size_t)2U, - (size_t)768U * (size_t)2U + (size_t)32U, - uint8_t), + H_f1_fd(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, @@ -5943,6 +5843,27 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fb( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_fb( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_30(private_key); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -6362,10 +6283,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_64( copy_of_randomness0, sampled_coefficients, out); - /* Requiring more than 5 blocks to sample a ring element should be very - * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid - * failing here, we squeeze more blocks out of the state until we have enough. - */ while (true) { if (done) { break; @@ -6419,8 +6336,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b0( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)2U, - /* A[i][j] = A_transpose[j][i] */ sampled, + (size_t)2U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { @@ -6577,11 +6493,7 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_a0( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, + (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { @@ -6616,8 +6528,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a0( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_d6_8c(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; @@ -6693,10 +6603,7 @@ static void generate_keypair_unpacked_1c0( IndCpaPrivateKeyUnpacked_d4 *private_key, IndCpaPublicKeyUnpacked_d4 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_10(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for - ML-KEM */ - key_generation_seed, - hashed); + cpa_keygen_seed_d8_10(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6726,8 +6633,8 @@ static void generate_keypair_unpacked_1c0( sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); - compute_As_plus_e_a0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, - public_key->A, private_key->secret_as_ntt, error_as_ntt); + compute_As_plus_e_a0(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -6736,31 +6643,27 @@ static void generate_keypair_unpacked_1c0( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_variant_MlKem with const generics + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 2 - PRIVATE_KEY_SIZE= 768 - PUBLIC_KEY_SIZE= 800 - RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_150( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d4 private_key = default_1a_a0(); - IndCpaPublicKeyUnpacked_d4 public_key = default_8d_a0(); - generate_keypair_unpacked_1c0(key_generation_seed, &private_key, &public_key); +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +serialize_unpacked_secret_key_6d(IndCpaPublicKeyUnpacked_d4 *public_key, + IndCpaPrivateKeyUnpacked_d4 *private_key) { uint8_t public_key_serialized[800U]; serialize_public_key_86( - /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_64( - /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, - secret_key_serialized); + serialize_secret_key_64(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6777,22 +6680,41 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_150( return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_150( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_d4 private_key = default_1a_a0(); + IndCpaPublicKeyUnpacked_d4 public_key = default_8d_a0(); + generate_keypair_unpacked_1c0(key_generation_seed, &private_key, &public_key); + return serialize_unpacked_secret_key_6d(&public_key, &private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_30( +static KRML_MUSTINLINE void serialize_kem_secret_key_mut_30( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -6801,7 +6723,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_30( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -6811,13 +6733,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_30( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_f1_fd(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + H_f1_fd(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -6826,6 +6749,24 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_30( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_30( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + serialize_kem_secret_key_mut_30(private_key, public_key, + implicit_rejection_value, out); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -6931,6 +6872,44 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5f( } } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const +generics +- K= 2 +- T_AS_NTT_ENCODED_SIZE= 768 +*/ +static void build_unpacked_public_key_mut_3f0( + Eurydice_slice public_key, + IndCpaPublicKeyUnpacked_d4 *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t); + deserialize_ring_elements_reduced_5f(uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[2U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + sample_matrix_A_2b0(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const +generics +- K= 2 +- T_AS_NTT_ENCODED_SIZE= 768 +*/ +static IndCpaPublicKeyUnpacked_d4 build_unpacked_public_key_3f0( + Eurydice_slice public_key) { + IndCpaPublicKeyUnpacked_d4 unpacked_public_key = default_8d_a0(); + build_unpacked_public_key_mut_3f0(public_key, &unpacked_public_key); + return unpacked_public_key; +} + /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics @@ -7035,10 +7014,7 @@ with const generics static KRML_MUSTINLINE void invert_ntt_montgomery_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1_8c(&zeta_i, re); invert_ntt_at_layer_2_8c(&zeta_i, re); invert_ntt_at_layer_3_8c(&zeta_i, re); @@ -7183,15 +7159,9 @@ static void compress_then_serialize_u_6d( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, - i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * - ((size_t)640U / (size_t)2U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_fe(&re, ret); Eurydice_slice_copy( @@ -7274,11 +7244,7 @@ static void encrypt_unpacked_2a0(IndCpaPublicKeyUnpacked_d4 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, - prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7291,7 +7257,6 @@ static void encrypt_unpacked_2a0(IndCpaPublicKeyUnpacked_d4 *public_key, uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_400 uu____3 = sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0); @@ -7300,7 +7265,7 @@ static void encrypt_unpacked_2a0(IndCpaPublicKeyUnpacked_d4 *public_key, error_1, uu____3.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF_f1_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -7308,11 +7273,9 @@ static void encrypt_unpacked_2a0(IndCpaPublicKeyUnpacked_d4 *public_key, sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[2U]; - compute_vector_u_a0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, - r_as_ntt, error_1, u); + compute_vector_u_a0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = deserialize_then_decompress_message_8c(copy_of_message); @@ -7321,14 +7284,12 @@ static void encrypt_unpacked_2a0(IndCpaPublicKeyUnpacked_d4 *public_key, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[2U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); compress_then_serialize_u_6d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v; compress_then_serialize_ring_element_v_ff0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, @@ -7356,29 +7317,15 @@ generics */ static void encrypt_2a0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d4 unpacked_public_key = default_8d_a0(); - deserialize_ring_elements_reduced_5f( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)768U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, - (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[2U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - sample_matrix_A_2b0(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_d4 *uu____1 = &unpacked_public_key; + IndCpaPublicKeyUnpacked_d4 unpacked_public_key = + build_unpacked_public_key_3f0(public_key); + IndCpaPublicKeyUnpacked_d4 *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_2a0(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + uint8_t ret0[768U]; + encrypt_unpacked_2a0(uu____0, copy_of_message, randomness, ret0); + memcpy(ret, ret0, (size_t)768U * sizeof(uint8_t)); } /** @@ -7653,14 +7600,11 @@ with const generics static void decrypt_unpacked_d1(IndCpaPrivateKeyUnpacked_d4 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U]; - deserialize_then_decompress_u_86( - /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + deserialize_then_decompress_u_86(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = deserialize_then_decompress_ring_element_v_d0( - Eurydice_array_to_subslice_from( - (size_t)768U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)640U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -7681,8 +7625,7 @@ with const generics static void decrypt_d1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U]; - deserialize_secret_key_a0(/* sˆ := Decode_12(sk) */ secret_key, - secret_as_ntt); + deserialize_secret_key_a0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[2U]; memcpy( @@ -7736,20 +7679,13 @@ libcrux_ml_kem_variant_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_620( libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_0c( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; decrypt_d1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; @@ -7762,28 +7698,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_620( ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_f1_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_2a0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_2a0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_30(Eurydice_array_to_slice((size_t)32U, @@ -7985,28 +7921,20 @@ static KRML_MUSTINLINE void H_f1_e0(Eurydice_slice input, uint8_t ret[32U]) { Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SECRET_KEY_SIZE= 2400 -- CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_37( - libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { uint8_t t[32U]; - H_f1_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly - on the types. We need to go to the - `value` directly. */ - private_key->value, - (size_t)384U * (size_t)3U, - (size_t)768U * (size_t)3U + (size_t)32U, - uint8_t), + H_f1_e0(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, @@ -8015,6 +7943,27 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_37( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_37( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -8440,10 +8389,6 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_89( copy_of_randomness0, sampled_coefficients, out); - /* Requiring more than 5 blocks to sample a ring element should be very - * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid - * failing here, we squeeze more blocks out of the state until we have enough. - */ while (true) { if (done) { break; @@ -8497,8 +8442,7 @@ static KRML_MUSTINLINE void sample_matrix_A_2b1( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)3U, - /* A[i][j] = A_transpose[j][i] */ sampled, + (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { @@ -8644,11 +8588,7 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_1b( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, + (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { @@ -8683,8 +8623,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_1b( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_d6_8c(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; @@ -8760,10 +8698,7 @@ static void generate_keypair_unpacked_1c1( IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for - ML-KEM */ - key_generation_seed, - hashed); + cpa_keygen_seed_d8_9c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8793,8 +8728,8 @@ static void generate_keypair_unpacked_1c1( sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); - compute_As_plus_e_1b(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, - public_key->A, private_key->secret_as_ntt, error_as_ntt); + compute_As_plus_e_1b(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -8803,31 +8738,27 @@ static void generate_keypair_unpacked_1c1( } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], -libcrux_ml_kem_variant_MlKem with const generics + Serialize the secret key from the unpacked key pair generation. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 - RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_15( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_1b(); - IndCpaPublicKeyUnpacked_a0 public_key = default_8d_1b(); - generate_keypair_unpacked_1c1(key_generation_seed, &private_key, &public_key); +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +serialize_unpacked_secret_key_43(IndCpaPublicKeyUnpacked_a0 *public_key, + IndCpaPrivateKeyUnpacked_a0 *private_key) { uint8_t public_key_serialized[1184U]; serialize_public_key_6c( - /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_89( - /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, - secret_key_serialized); + serialize_secret_key_89(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8844,22 +8775,41 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_15( return lit; } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_15( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_1b(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_1b(); + generate_keypair_unpacked_1c1(key_generation_seed, &private_key, &public_key); + return serialize_unpacked_secret_key_43(&public_key, &private_key); +} + /** Serialize the secret key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d6( +static KRML_MUSTINLINE void serialize_kem_secret_key_mut_d6( Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; + Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( @@ -8868,7 +8818,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d6( uint8_t), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( @@ -8878,13 +8828,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d6( public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_f1_e0(public_key, ret0); + serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t); + uint8_t ret[32U]; + H_f1_e0(public_key, ret); Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( @@ -8893,6 +8844,24 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d6( uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t), implicit_rejection_value, uint8_t); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d6( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + serialize_kem_secret_key_mut_d6(private_key, public_key, + implicit_rejection_value, out); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -8998,6 +8967,44 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b3( } } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static void build_unpacked_public_key_mut_3f1( + Eurydice_slice public_key, + IndCpaPublicKeyUnpacked_a0 *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t); + deserialize_ring_elements_reduced_b3(uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + sample_matrix_A_2b1(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static IndCpaPublicKeyUnpacked_a0 build_unpacked_public_key_3f( + Eurydice_slice public_key) { + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_1b(); + build_unpacked_public_key_mut_3f1(public_key, &unpacked_public_key); + return unpacked_public_key; +} + /** Sample a vector of ring elements from a centered binomial distribution. */ @@ -9070,10 +9077,7 @@ with const generics static KRML_MUSTINLINE void invert_ntt_montgomery_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; invert_ntt_at_layer_1_8c(&zeta_i, re); invert_ntt_at_layer_2_8c(&zeta_i, re); invert_ntt_at_layer_3_8c(&zeta_i, re); @@ -9180,15 +9184,9 @@ static void compress_then_serialize_u_43( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, - i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * - ((size_t)960U / (size_t)3U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_fe(&re, ret); Eurydice_slice_copy( @@ -9260,11 +9258,7 @@ static void encrypt_unpacked_2a1(IndCpaPublicKeyUnpacked_a0 *public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, - prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9277,7 +9271,6 @@ static void encrypt_unpacked_2a1(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_230 uu____3 = sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0); @@ -9286,7 +9279,7 @@ static void encrypt_unpacked_2a1(IndCpaPublicKeyUnpacked_a0 *public_key, error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF_f1_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -9294,11 +9287,9 @@ static void encrypt_unpacked_2a1(IndCpaPublicKeyUnpacked_a0 *public_key, sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U]; - compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, - r_as_ntt, error_1, u); + compute_vector_u_1b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = deserialize_then_decompress_message_8c(copy_of_message); @@ -9307,14 +9298,12 @@ static void encrypt_unpacked_2a1(IndCpaPublicKeyUnpacked_a0 *public_key, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); compress_then_serialize_u_43( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v; compress_then_serialize_ring_element_v_ff0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, @@ -9342,29 +9331,15 @@ generics */ static void encrypt_2a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_1b(); - deserialize_ring_elements_reduced_b3( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)1152U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, - (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[3U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - sample_matrix_A_2b1(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = + build_unpacked_public_key_3f(public_key); + IndCpaPublicKeyUnpacked_a0 *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_2a1(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t ret0[1088U]; + encrypt_unpacked_2a1(uu____0, copy_of_message, randomness, ret0); + memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t)); } /** @@ -9598,14 +9573,11 @@ with const generics static void decrypt_unpacked_42(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; - deserialize_then_decompress_u_6c( - /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = deserialize_then_decompress_ring_element_v_d0( - Eurydice_array_to_subslice_from( - (size_t)1088U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)960U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -9626,8 +9598,7 @@ with const generics static void decrypt_42(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; - deserialize_secret_key_1b(/* sˆ := Decode_12(sk) */ secret_key, - secret_as_ntt); + deserialize_secret_key_1b(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U]; memcpy( @@ -9681,20 +9652,13 @@ libcrux_ml_kem_variant_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_62( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; @@ -9707,28 +9671,28 @@ void libcrux_ml_kem_ind_cca_decapsulate_62( ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; G_f1_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_2a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_2a(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_d6(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index bdb63414c..71609b138 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 4c9cc7545..399fe2676 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 44399abde..3654b0146 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "internal/libcrux_sha3_avx2.h" @@ -77,8 +77,7 @@ static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { } static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = mm256_set1_epi64x( - (int64_t) /* Casting here is required, doesn't change the value. */ c); + __m256i c0 = mm256_set1_epi64x((int64_t)c); return mm256_xor_si256(a, c0); } @@ -1431,13 +1430,13 @@ static KRML_MUSTINLINE void store_block_5b(__m256i (*s)[5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], @@ -1748,16 +1747,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = { - /* XXX: These functions could alternatively implement the same with the - portable implementation #[cfg(feature = "simd128")] { keccakx2::<136, - 0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136, - 0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136, - 0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]); - keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136, - 0x1fu8>([input3], [out3]); } */ - input0, - input1, input2, input3}; + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; keccak_fb(buf0, buf); } @@ -1972,13 +1962,13 @@ static KRML_MUSTINLINE void store_block_3a(__m256i (*s)[5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 8887556cd..91cdb8ea4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index a79a13891..5f6d73eac 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_sha3_internal_H @@ -1811,7 +1811,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out); } @@ -2160,7 +2159,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out); } @@ -2509,7 +2507,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out); } @@ -2698,7 +2695,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out); } @@ -2817,7 +2813,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out); } @@ -3166,7 +3161,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 2ed7a6a1a..5a9ec21e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #include "libcrux_sha3_neon.h" @@ -62,7 +62,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1) { - /* TODO: make argument ordering consistent */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -73,9 +72,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, */ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_init(void) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let s0 = KeccakState::new(); let s1 = - * KeccakState::new(); [s0, s1] } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -87,10 +83,6 @@ libcrux_sha3_neon_x2_incremental_init(void) { KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1, - * data1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -104,10 +96,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_squeeze_first_three_blocks(&mut s0, out0); - * shake128_squeeze_first_three_blocks(&mut s1, out1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -121,10 +109,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_squeeze_next_block(&mut s0, out0); - * shake128_squeeze_next_block(&mut s1, out1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -148,10 +132,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks( KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1, - * data1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index d0aad5d7e..9c50ca0b5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2e8f138dbcbfbfabf4bbd994c8587ec00d197102 + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index c3d844266..841294d90 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 -Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c -Karamel: 8c3612018c25889288da6857771be3ad03b75bcd +Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 +Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 4ed279ad21152e4666d0e51fdd9c751e1472e348 +Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 5b11a486b..3b4b602d1 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_core_H @@ -2895,6 +2895,50 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_24( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +typedef struct Eurydice_slice_uint8_t_x4_s { + Eurydice_slice fst; + Eurydice_slice snd; + Eurydice_slice thd; + Eurydice_slice f3; +} Eurydice_slice_uint8_t_x4; + +typedef struct Eurydice_slice_uint8_t_x2_s { + Eurydice_slice fst; + Eurydice_slice snd; +} Eurydice_slice_uint8_t_x2; + +/** + Unpack an incoming private key into it's different parts. + + We have this here in types to extract into a common core for C. +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.unpack_private_key +with const generics +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static inline Eurydice_slice_uint8_t_x4 +libcrux_ml_kem_types_unpack_private_key_b4(Eurydice_slice private_key) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + return (CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key, + .snd = ind_cpa_public_key, + .thd = ind_cpa_public_key_hash, + .f3 = implicit_rejection_value}); +} + /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError @@ -2963,11 +3007,6 @@ static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) { } } -typedef struct Eurydice_slice_uint8_t_x2_s { - Eurydice_slice fst; - Eurydice_slice snd; -} Eurydice_slice_uint8_t_x2; - typedef struct Eurydice_slice_uint8_t_1size_t__x2_s { Eurydice_slice fst[1U]; Eurydice_slice snd[1U]; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index aa4b0922f..9530ce1dd 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 26a084d4a..805537b9f 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem768_avx2_H @@ -22,9 +22,7 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" -#include "libcrux_mlkem768_avx2_types.h" #include "libcrux_mlkem768_portable.h" -#include "libcrux_mlkem768_portable_types.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -46,6 +44,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); @@ -170,16 +170,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(/* Compute v_i - Q and crate a - mask from the sign bit of each - of these quantities. */ - vector, field_modulus); + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( (int32_t)15, v_minus_field_modulus, __m256i); __m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(/* If v_i - Q < 0 then add back Q - to (v_i - Q). */ - sign_mask, field_modulus); + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } @@ -552,7 +547,6 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - /* Compute the first term of the product */ __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, @@ -560,8 +554,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - /* Prepare the left hand side */ lhs, shuffle_with); + __m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( (int32_t)216, lhs_shuffled, __m256i); __m128i lhs_evens = @@ -570,8 +564,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, lhs_shuffled0, __m128i); __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - /* Prepare the right hand side */ rhs, shuffle_with); + __m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( (int32_t)216, rhs_shuffled, __m256i); __m128i rhs_evens = @@ -580,8 +574,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, rhs_shuffled0, __m128i); __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32( - /* Start operating with them */ lhs_evens0, rhs_evens0); + __m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); __m256i right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); __m256i right0 = @@ -596,7 +590,7 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - /* Compute the second term of the product */ rhs, + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, @@ -611,10 +605,8 @@ static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( products_right); __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( (int32_t)16, products_right0, __m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)170, - /* Combine them into one vector */ products_left0, products_right1, - __m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, __m256i); } /** @@ -632,60 +624,13 @@ static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = libcrux_intrinsics_avx2_mm256_slli_epi16( - (int32_t)15, - /* Suppose |vector| is laid out as follows (superscript number indicates - the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀ - 0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least - significant bit in each lane, move it to the most significant position - to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ - d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵ - n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */ - vector, __m256i); - __m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* Get the first 8 16-bit - elements ... */ - lsb_to_msb); + __m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i); - __m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(/* ... and then pack them into - 8-bit values using signed - saturation. This function packs - all the |low_msbs|, and then the - high ones. low_msbs = a₀0¹⁵ - b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ - g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵ - j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵ - o₀0¹⁵ p₀0¹⁵ We shifted by 15 - above to take advantage of the - signed saturation performed by - mm_packs_epi16: - if the sign - bit of the 16-bit element being - packed is 1, the corresponding - 8-bit element in |msbs| will be - 0xFF. - if the sign bit of the - 16-bit element being packed is - 0, the corresponding 8-bit - element in |msbs| will be 0. - Thus, if, for example, a₀ = 1, - e₀ = 1, and p₀ = 1, and every - other bit is 0, after packing - into 8 bit value, |msbs| will - look like: 0xFF 0x00 0x00 0x00 | - 0xFF 0x00 0x00 0x00 | 0x00 0x00 - 0x00 0x00 | 0x00 0x00 0x00 0xFF - */ - low_msbs, high_msbs); - int32_t bits_packed = - libcrux_intrinsics_avx2_mm_movemask_epi8(/* Now that every element is - either 0xFF or 0x00, we just - extract the most significant - bit from each element and - collate them into two bytes. - */ - msbs); + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); @@ -706,19 +651,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index( - bytes, - /* We need to take each bit from the 2 bytes of input and put them - into their own 16-bit lane. Ideally, we'd load the two bytes into - the vector, duplicate them, and right-shift the 0th element by 0 - bits, the first element by 1 bit, the second by 2 bits and so on - before AND-ing with 0x1 to leave only the least signifinicant bit. - But since |_mm256_srlv_epi16| does not exist, so we have to resort - to a workaround. Rather than shifting each element by a different - amount, we'll multiply each element by a value such that the bit - we're interested in becomes the most significant bit. The - coefficients are loaded as follows: */ - (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), @@ -741,11 +674,8 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, - /* Now that they're all in the most significant bit position, shift them - down to the least significant bit. */ - coefficients_in_msb, __m256i); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); } /** @@ -762,85 +692,28 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(/* If |vector| is laid out as - follows: 0x000A 0x000B 0x000C - 0x000D | 0x000E 0x000F 0x000G - 0x000H | .... - |adjacent_2_combined| will be - laid out as a series of 32-bit - integeres, as follows: - 0x00_00_00_BA 0x00_00_00_DC | - 0x00_00_00_FE 0x00_00_00_HG | - ... */ - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, - (int16_t)1)); - __m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* Recall that - |adjacent_2_combined| goes - as follows: 0x00_00_00_BA - 0x00_00_00_DC | - 0x00_00_00_FE 0x00_00_00_HG - | ... Out of this, we only - need the first byte, the 4th - byte, the 8th byte and so on - from the bottom and the top - 128 bits. */ - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - __m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32(/* |adjacent_8_combined| - looks like this: 0: - 0xHG_FE_DC_BA 1: - 0x00_00_00_00 | 2: - 0x00_00_00_00 3: - 0x00_00_00_00 | 4: - 0xPO_NM_LK_JI .... - We put the element - at 4 after the - element at 0 ... */ - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)0, - (int32_t)4, - (int32_t)0)); + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice( - (size_t)16U, - /* ... so that we can read them out in one go. */ serialized, - uint8_t), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; Result_15 dst; Eurydice_slice_to_array2( @@ -865,24 +738,9 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index( - bytes, - /* Every 4 bits from each byte of input should be put into its own - 16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to - resort to a workaround. Rather than shifting each element by a - different amount, we'll multiply each element by a value such that - the bits we're interested in become the most significant bits (of - an 8-bit value). In this lane, the 4 bits we need to put are - already the most significant bits of |bytes[7]|. */ - (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index( - bytes, - /* In this lane, the 4 bits we need to put are the least significant - bits, so we need to shift the 4 least-significant bits of - |bytes[7]| to the most significant bits (of an 8-bit value). */ - (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, /* and so on ... */ (size_t)6U, - uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), @@ -904,14 +762,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( coefficients, shift_lsbs_to_msbs); __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, - /* Once the 4-bit coefficients are in the most significant positions (of - an 8-bit value), shift them all down by 4. */ - coefficients_in_msb, __m256i); + (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( - /* Zero the remaining bits. */ coefficients_in_lsb, - libcrux_intrinsics_avx2_mm256_set1_epi16(((int16_t)1 << 4U) - - (int16_t)1)); + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); } /** @@ -928,106 +782,35 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(/* If |vector| is laid out as - follows (superscript number - indicates the corresponding - bit is duplicated that many - times): 0¹¹a₄a₃a₂a₁a₀ - 0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀ - 0¹¹d₄d₃d₂d₁d₀ | ↩ - 0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀ - 0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ | - ↩ |adjacent_2_combined| will - be laid out as a series of - 32-bit integers, as follows: - 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ - 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ - 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ - 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ - .... */ - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, - (int16_t)1)); - __m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Recall that - |adjacent_2_combined| is laid - out as follows: - 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ - 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ - 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ - 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ - .... This shift results in: - b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² - 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ - f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² - 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ - .... */ - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22)); + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)22, - /* |adjacent_4_combined|, when viewed as 64-bit lanes, is: - 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩ - 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift - down by 22 bits to remove the least significant 0 bits that aren't part - of the bits we need. */ - adjacent_4_combined, __m256i); + (int32_t)22, adjacent_4_combined, __m256i); __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, - /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks - like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³² - 2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to - read out the bytes in one go, we need to shifts the bits in position 2 - to position 1 in each 128-bit lane. */ - adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32(/* |adjacent_8_combined|, when - viewed as a set of 32-bit - values, now looks like: - 0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ - 0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ - 0³² 0³² | ↩ Once again, we - line these bits up by shifting - the up values at indices 0 and - 5 by 12, viewing the resulting - register as a set of 64-bit - values, and then shifting down - the 64-bit values by 12 bits. - */ - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)12)); + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( (int32_t)12, adjacent_8_combined0, __m256i); __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 40 bits - starting at position 0 in - the lower 128-bit lane, - ... */ - adjacent_8_combined1); + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ... and the second 40 bits at position 0 in the upper 128-bit lane */ - adjacent_8_combined1, __m128i); + (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); @@ -1110,116 +893,36 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16(/* If |vector| is laid out as - follows (superscript number - indicates the corresponding - bit is duplicated that many - times): 0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ - 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀ - 0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ - 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩ - 0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ - 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀ - 0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ - 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ... - |adjacent_2_combined| will be - laid out as a series of 32-bit - integers, as follows: - 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ - 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ - | ↩ - 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ - 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ - | ↩ .... */ - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1, - (int16_t)1 << 10U, - (int16_t)1)); - __m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32(/* Shifting up the values at the - even indices by 12, we get: - b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² - 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ - | ↩ - f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² - 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ - | ↩ ... */ - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12)); + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, - /* Viewing this as a set of 64-bit integers we get: - 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² - | ↩ - 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² - | ↩ ... Shifting down by 12 gives us: - 0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ - | ↩ - 0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ - | ↩ ... */ - adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(/* |adjacent_4_combined|, when - the bottom and top 128 - bit-lanes are grouped into - bytes, looks like: - 0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ - 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ - In each 128-bit lane, we - want to put bytes 8, 9, 10, - 11, 12 after bytes 0, 1, 2, - 3 to allow for sequential - reading. */ - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, - (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, - (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0)); + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* We now have 64 bits - starting at position 0 in - the lower 128-bit lane, - ... */ - adjacent_8_combined); + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* and 64 bits starting at position 0 in the upper 128-bit lane. */ - adjacent_8_combined, __m128i); + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), @@ -1439,70 +1142,28 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can - be interpreted as a - sequence of - serialized 12-bit - (i.e. uncompressed) - coefficients. Not - all coefficients - may be less than - FIELD_MODULUS - though. */ - input); + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); __m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(/* Suppose we view - |potential_coefficients| as - follows (grouping 64-bit - elements): A B C D | E F G H - | .... and A < 3329, D < 3329 - and H < 3329, - |compare_with_field_modulus| - will look like: 0xFF 0 0 0xFF - | 0 0 0 0xFF | ... */ - field_modulus, + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each - lane is either 0 or 1, we - only need one bit from - each lane in the register - to tell us what - coefficients to keep and - what to throw-away. - Combine all the bits - (there are 16) into two - bytes. */ - compare_with_field_modulus, + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); uint8_t lower_shuffles[16U]; memcpy(lower_shuffles, - /* Each bit (and its corresponding position) represents an element we - want to sample. We'd like all such elements to be next to each other - starting at index 0, so that they can be read from the vector - easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level - shuffling indices needed to make this happen. For e.g. if good[0] = - 0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit - lane to the first. To do this, we need the byte-level shuffle - indices to be 2 3 X X X X ... */ libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, - /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles, - uint8_t)); + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - /* ... then write them out ... */ output, lower_coefficients0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, - /* Do the same for |goood[1]| */ libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); @@ -1530,6 +1191,15 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); } +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f6; + /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, @@ -1635,6 +1305,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types @@ -1664,9 +1344,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef( __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)1 << (uint32_t)(int32_t)10); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -1676,15 +1354,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef( __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_low0, two_pow_coefficient_bits); __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + (int32_t)10, decompressed_low1, __m256i); __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_low2, __m256i); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -1694,29 +1368,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ef( __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_high0, two_pow_coefficient_bits); __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + (int32_t)10, decompressed_high1, __m256i); __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -1777,9 +1435,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4( __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)1 << (uint32_t)(int32_t)11); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -1789,15 +1445,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4( __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_low0, two_pow_coefficient_bits); __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + (int32_t)11, decompressed_low1, __m256i); __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_low2, __m256i); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -1807,29 +1459,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_c4( __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_high0, two_pow_coefficient_bits); __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + (int32_t)11, decompressed_high1, __m256i); __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2035,11 +1671,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); @@ -2133,9 +1765,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1( __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)1 << (uint32_t)(int32_t)4); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -2145,15 +1775,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1( __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_low0, two_pow_coefficient_bits); __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + (int32_t)4, decompressed_low1, __m256i); __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_low2, __m256i); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -2163,29 +1789,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d1( __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_high0, two_pow_coefficient_bits); __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + (int32_t)4, decompressed_high1, __m256i); __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2246,9 +1856,7 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)1 << (uint32_t)(int32_t)5); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -2258,15 +1866,11 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_low0, two_pow_coefficient_bits); __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_low1, __m256i); + (int32_t)5, decompressed_low1, __m256i); __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_low2, __m256i); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( @@ -2276,29 +1880,13 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( decompressed_high0, two_pow_coefficient_bits); __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, - /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of - support for const generic expressions. */ - decompressed_high1, __m256i); + (int32_t)5, decompressed_high1, __m256i); __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2400,8 +1988,6 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 libcrux_ml_kem_polynomial_ntt_multiply_d6_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { - /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient| - * coefficient >= 0 && coefficient < 4096)); */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = libcrux_ml_kem_polynomial_ZERO_d6_79(); for (size_t i = (size_t)0U; @@ -2444,14 +2030,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { for (size_t i = (size_t)0U; - i < - Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, __m256i), - __m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2560,13 +2141,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_79( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; - i0 < (size_t)128U >> - (uint32_t) /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - layer; - i0++) { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; @@ -2598,10 +2173,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_79(&zeta_i, re, (size_t)1U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_79(&zeta_i, re, (size_t)2U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_79(&zeta_i, re, (size_t)3U); @@ -2785,16 +2357,11 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2f( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(/* u := - Decompress_q(Decode_{d_u}(c), - d_u) */ - ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ed(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_42( - Eurydice_array_to_subslice_from( - (size_t)1088U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)960U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message = libcrux_ml_kem_matrix_compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt); @@ -2818,8 +2385,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_2f(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( - /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U]; memcpy( @@ -2881,6 +2447,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_41( libcrux_ml_kem_hash_functions_avx2_PRF_9e(input, ret); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63; + /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpackedt_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 +libcrux_ml_kem_ind_cpa_build_unpacked_public_key_fa(Eurydice_slice public_key) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(); + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_fa(public_key, + &unpacked_public_key); + return unpacked_public_key; +} + /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement @@ -3676,12 +3291,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - step; - i++) { + for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( re->coefficients[j + step], (int16_t)-1600); @@ -3702,10 +3312,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_79(/* Due to the small coefficient bound, we - can skip the first round of Montgomery - reductions. */ - re); + libcrux_ml_kem_ntt_ntt_at_layer_7_79(re); size_t zeta_i = (size_t)1U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U, (size_t)3U); @@ -3919,11 +3526,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( @@ -4045,26 +3648,8 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_d6_79( __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients - [/* FIXME: Eurydice crashes with: Warning 11: in top-level - declaration - libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: - this expression is not Low*; the enclosing function cannot be - translated into C*: let mutable ret(Mark.Present,(Mark.AtMost - 2), ): int16_t[16size_t] = $any in - libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add - ((@9: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] - &(((@8: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) - @0; @0 Warning 11 is fatal, exiting. On the following code: - ```rust result.coefficients[i] = - Vector::barrett_reduce(Vector::add( coefficient_normal_form, - &Vector::add(self.coefficients[i], &message.coefficients[i]), - )); ``` */ - i0], - &message->coefficients[i0]); + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = @@ -4122,23 +3707,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef( __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- Take - the bottom 128 bits, i.e. - the first 8 16-bit - coefficients */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] - = A - coefficients_low[16:31] = - B coefficients_low[32:63] - = C and so on ... after - this step: - coefficients_low[0:31] = A - coefficients_low[32:63] = - B and so on ... */ - coefficients_low); + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( (int32_t)10, coefficients_low0, __m256i); __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( @@ -4147,17 +3718,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef( libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + (int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_low2, coefficient_bits_mask); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( @@ -4171,23 +3736,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ef( (int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_high2, coefficient_bits_mask); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4251,23 +3803,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4( __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- Take - the bottom 128 bits, i.e. - the first 8 16-bit - coefficients */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] - = A - coefficients_low[16:31] = - B coefficients_low[32:63] - = C and so on ... after - this step: - coefficients_low[0:31] = A - coefficients_low[32:63] = - B and so on ... */ - coefficients_low); + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( (int32_t)11, coefficients_low0, __m256i); __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( @@ -4276,17 +3814,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4( libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + (int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_low2, coefficient_bits_mask); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( @@ -4300,23 +3832,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_c4( (int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_high2, coefficient_bits_mask); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4403,14 +3922,9 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * - ((size_t)960U / (size_t)3U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_a4(&re, ret); @@ -4437,23 +3951,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1( __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- Take - the bottom 128 bits, i.e. - the first 8 16-bit - coefficients */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] - = A - coefficients_low[16:31] = - B coefficients_low[32:63] - = C and so on ... after - this step: - coefficients_low[0:31] = A - coefficients_low[32:63] = - B and so on ... */ - coefficients_low); + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( (int32_t)4, coefficients_low0, __m256i); __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( @@ -4462,17 +3962,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1( libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + (int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_low2, coefficient_bits_mask); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( @@ -4486,23 +3980,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d1( (int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_high2, coefficient_bits_mask); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4533,11 +4014,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_d1( libcrux_ml_kem_vector_traits_to_unsigned_representative_79( @@ -4569,23 +4046,9 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4( __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(/* ---- Compress the first 8 - coefficients ---- Take - the bottom 128 bits, i.e. - the first 8 16-bit - coefficients */ - vector); + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] - = A - coefficients_low[16:31] = - B coefficients_low[32:63] - = C and so on ... after - this step: - coefficients_low[0:31] = A - coefficients_low[32:63] = - B and so on ... */ - coefficients_low); + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( (int32_t)5, coefficients_low0, __m256i); __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( @@ -4594,17 +4057,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4( libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, - /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we - just need to shift right by 35 - 32 = 3 more. */ - compressed_low1, __m256i); + (int32_t)3, compressed_low1, __m256i); __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_low2, coefficient_bits_mask); __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, - /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, - i.e. the next 8 16-bit coefficients */ - vector, __m128i); + (int32_t)1, vector, __m128i); __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( @@ -4618,23 +4075,10 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_f4( (int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( compressed_high2, coefficient_bits_mask); - __m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(/* Combining them, and grouping - each set of 64-bits, this - function results in: 0: low - low low low | 1: high high - high high | 2: low low low - low | 3: high high high high - where each |low| and |high| - is a 16-bit element */ - compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, - /* To be in the right order, we need to move the |low|s above in position - 2 to position 1 and the |high|s in position 1 to position 2, and leave - the rest unchanged. */ - compressed, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4665,11 +4109,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_f4( libcrux_ml_kem_vector_traits_to_unsigned_representative_79( @@ -4760,10 +4200,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4776,7 +4213,6 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74( uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_230 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b4( copy_of_prf_input, domain_separator0); @@ -4785,7 +4221,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74( error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_410( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -4793,12 +4229,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74( libcrux_ml_kem_sampling_sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ - public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_ab(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element = libcrux_ml_kem_serialize_deserialize_then_decompress_message_79( @@ -4808,14 +4242,12 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_74( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); libcrux_ml_kem_ind_cpa_compress_then_serialize_u_8c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, @@ -4846,30 +4278,17 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_74(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_ab(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_98( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)1152U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[3U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_6c(uu____0, ret0, false); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *uu____1 = + unpacked_public_key = + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_fa(public_key); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(uu____1, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t ret0[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_74(uu____0, copy_of_message, + randomness, ret0); + memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t)); } /** @@ -4919,20 +4338,13 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_decapsulate_a1( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; libcrux_ml_kem_ind_cpa_decrypt_2f(ind_cpa_secret_key, ciphertext->value, decrypted); @@ -4947,29 +4359,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a1( uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_e0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_41( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_74(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_74(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_ae( @@ -5270,18 +4682,11 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = libcrux_ml_kem_vector_traits_to_standard_domain_79( - self->coefficients[/* The coefficients are of the form aR^{-1} mod - q, which means calling to_montgomery_domain() - on them should return a mod q. */ - j]); + self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); @@ -5312,8 +4717,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ab( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = libcrux_ml_kem_polynomial_ZERO_d6_79(); t_as_ntt[i0] = uu____0; @@ -5394,9 +4797,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) - := G(d || K) for ML-KEM */ - key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_be(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5429,8 +4830,8 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_22( .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); libcrux_ml_kem_matrix_compute_As_plus_e_ab( - /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); uint8_t uu____5[32U]; Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -5567,18 +4968,12 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_8c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key) { uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ed(/* pk := (Encode_12(tˆ - mod^{+}q) || ρ) */ - public_key->t_as_ntt, - Eurydice_array_to_slice( - (size_t)32U, - public_key->seed_for_A, - uint8_t), - public_key_serialized); + libcrux_ml_kem_ind_cpa_serialize_public_key_ed( + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(/* sk := Encode_12(sˆ mod^{+}q) - */ - private_key->secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_ed(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5847,20 +5242,13 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_decapsulate_a10( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; libcrux_ml_kem_ind_cpa_decrypt_2f(ind_cpa_secret_key, ciphertext->value, decrypted); @@ -5875,29 +5263,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a10( uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_e0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_41( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_74(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_74(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_ae( @@ -6178,9 +5566,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) - := G(d || K) for ML-KEM */ - key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_be(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6213,8 +5599,8 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_220( .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); libcrux_ml_kem_matrix_compute_As_plus_e_ab( - /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); uint8_t uu____5[32U]; Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -6343,27 +5729,20 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - SECRET_KEY_SIZE= 2400 -- CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12( - libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_ae( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { uint8_t t[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_e0( - Eurydice_array_to_subslice2(/* Eurydice can't access values directly on - the types. We need to go to the `value` - directly. */ - private_key->value, (size_t)384U * (size_t)3U, + Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -6375,7 +5754,29 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12( } /** - Portable private key validation + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key); +} + +/** + Private key validation */ /** A monomorphic instance of @@ -6407,6 +5808,35 @@ static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( private_key, ciphertext); } +/** + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_only with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_only_41( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_ae(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_only_41( + private_key); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with @@ -6517,7 +5947,7 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_ed( } /** - Portable public key validation + Public key validation */ /** A monomorphic instance of @@ -6546,6 +5976,34 @@ static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( public_key->value); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63; + +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6654,7 +6112,7 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_35( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6766,7 +6224,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_c2 +static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key, uint8_t randomness[32U]) { @@ -6952,7 +6410,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c6( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { @@ -7116,6 +6574,233 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { return libcrux_ml_kem_ind_cca_unpacked_default_1c_ab(); } +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +libcrux_ml_kem_sampling_sample_from_xof_closure_b3(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_d6_79( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b3( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_hash_functions_portable_PortableHash_88 xof_state = + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_e0( + copy_of_seeds); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_e0( + &xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_e0( + &xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_ed0( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_b3(copy_of_out[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b3( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_b3(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf( + Eurydice_slice public_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 + *unpacked_public_key) { + Eurydice_slice uu____0 = + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_98( + uu____0, unpacked_public_key->t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + libcrux_ml_kem_matrix_sample_matrix_A_b3(uu____1, ret, false); +} + +/** + Take a serialized private key and generate an unpacked key pair from it. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(ind_cpa_secret_key, uu____1); + memcpy( + key_pair->private_key.ind_cpa_private_key.secret_as_ntt, uu____1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf( + ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + ind_cpa_public_key_hash, uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + implicit_rejection_value, uint8_t); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)32U, key_pair->public_key.ind_cpa_public_key.seed_for_A, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_slice_subslice_from( + ind_cpa_public_key, (size_t)1152U, uint8_t, size_t), + uint8_t); +} + +/** + Take a serialized private key and generate an unpacked key pair from it. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.keypair_from_private_key +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_keypair_from_private_key_ce( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { + libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2(private_key, + key_pair); +} + +/** + Get an unpacked key from a private key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_from_private_mut( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_keypair_from_private_key_ce( + private_key, key_pair); +} + /** Get the serialized private key. */ @@ -7335,17 +7020,17 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key_mut( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 -libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ab( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7372,21 +7057,21 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#5} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_9e +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 -libcrux_ml_kem_ind_cca_unpacked_clone_9e_ab( +libcrux_ml_kem_ind_cca_unpacked_clone_28_ab( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_89_ab(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_ab(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7423,7 +7108,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_9e_ab( + libcrux_ml_kem_ind_cca_unpacked_clone_28_ab( libcrux_ml_kem_ind_cca_unpacked_public_key_de_ab(key_pair)); pk[0U] = uu____0; } @@ -7498,7 +7183,7 @@ generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_a5( libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 @@ -7528,6 +7213,9 @@ static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { return self[0U]; } +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h deleted file mode 100644 index 52737dadb..000000000 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2024 Cryspen Sarl - * - * SPDX-License-Identifier: MIT or Apache-2.0 - * - * This code was generated with the following revisions: - * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d - */ - -#ifndef __libcrux_mlkem768_avx2_types_H -#define __libcrux_mlkem768_avx2_types_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_63 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_63 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63; - -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_63 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_avx2_types_H_DEFINED -#endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index acaa8a3b9..0d19be20f 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,7 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" -#include "libcrux_mlkem768_portable_types.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -102,6 +101,10 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; + static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -1085,13 +1088,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { - int32_t t = - (int32_t) /* hax_debug_assert!( i32::from(value) > -BARRETT_R && - i32::from(value) < BARRETT_R, "value is {value}" ); */ - value - - * LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); int16_t quotient = (int16_t)(t >> (uint32_t) @@ -1146,12 +1145,7 @@ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = - (int32_t)(int16_t) /* hax_debug_assert!( value >= -FIELD_MODULUS * - MONTGOMERY_R && value <= FIELD_MODULUS * - MONTGOMERY_R, "value is {value}" ); */ - value - - * + (int32_t)(int16_t)value * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; int32_t k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -1233,29 +1227,11 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { - int16_t shifted = - (int16_t)1664 - - (int16_t) /* The approach used here is inspired by: - https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150 - If 833 <= fe <= 2496, then -832 <= shifted <= 831 */ - fe; - int16_t mask = - /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) = - -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive - <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so - if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */ - shifted - - >> 15U; + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(/* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which - means the most significant bit of - shifted_positive_in_range will be 1. */ - shifted_positive_in_range - - >> 15U & - (int16_t)1); + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1284,27 +1260,13 @@ libcrux_ml_kem_vector_portable_compress_1_0d( static KRML_MUSTINLINE uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value) { - return - /* hax_debug_assert!(n == 4 || n == 5 || n == 10 || n == 11 || n == - MONTGOMERY_SHIFT); */ - value - - & ((1U << (uint32_t)n) - 1U); + return value & ((1U << (uint32_t)n) - 1U); } static inline int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = - (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits - == 5 || coefficient_bits == 10 || coefficient_bits == 11 ); - hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to - be constant time due to: - https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ - */ - fe - - << (uint32_t)coefficient_bits; + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; @@ -2027,11 +1989,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); - /* Here we could also do, the following, but it slows F* down: [r0_4.0, - * r0_4.1, r0_4.2, r0_4.3, r0_4.4, r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4, - * r10_14.0, r10_14.1, r10_14.2, r10_14.3, r10_14.4, r15_19.0, r15_19.1, - * r15_19.2, r15_19.3, r15_19.4 ] If we can fix the F* for this, the code - * would be more compact. */ uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -2449,6 +2406,15 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_30 LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1d; + /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, @@ -2552,6 +2518,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types @@ -2575,11 +2551,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2643,11 +2615,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2864,11 +2832,7 @@ with const generics static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -2957,11 +2921,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -3025,11 +2985,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < - /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| - coefficient.abs() < 1 << COEFFICIENT_BITS)); */ - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - i++) { + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -3137,8 +3093,6 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_ntt_multiply_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { - /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient| - * coefficient >= 0 && coefficient < 4096)); */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = libcrux_ml_kem_polynomial_ZERO_d6_8c(); for (size_t i = (size_t)0U; @@ -3184,11 +3138,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b( for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, - /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - self->coefficients, + (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { @@ -3301,13 +3251,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; - i0 < (size_t)128U >> - (uint32_t) /* The semicolon and parentheses at the end of loop are a - workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - layer; - i0++) { + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; @@ -3338,10 +3282,7 @@ with const generics static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = - /* We only ever call this function after matrix/vector multiplication */ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT - - / (size_t)2U; + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_8c(&zeta_i, re, (size_t)1U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8c(&zeta_i, re, (size_t)2U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8c(&zeta_i, re, (size_t)3U); @@ -3533,16 +3474,11 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(/* u := - Decompress_q(Decode_{d_u}(c), - d_u) */ - ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d0( - Eurydice_array_to_subslice_from( - (size_t)1088U, - /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ - ciphertext, (size_t)960U, uint8_t, size_t)); + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt); @@ -3565,8 +3501,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_42(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b( - /* sˆ := Decode_12(sk) */ secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U]; memcpy( @@ -3625,6 +3560,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_41( libcrux_ml_kem_hash_functions_portable_PRF_9e(input, ret); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpackedt_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] = + unpacked_public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); + libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, false); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(Eurydice_slice public_key) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(); + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(public_key, + &unpacked_public_key); + return unpacked_public_key; +} + /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement @@ -4389,12 +4373,7 @@ with const generics static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - step; - i++) { + for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( @@ -4416,10 +4395,7 @@ with const generics static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_8c(/* Due to the small coefficient bound, we - can skip the first round of Montgomery - reductions. */ - re); + libcrux_ml_kem_ntt_ntt_at_layer_7_8c(re); size_t zeta_i = (size_t)1U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U, (size_t)3U); @@ -4629,11 +4605,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = @@ -4761,28 +4733,8 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_d6_8c( libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( result.coefficients[i0], (int16_t)1441); libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp = - libcrux_ml_kem_vector_portable_add_0d( - self->coefficients - [/* FIXME: Eurydice crashes with: Warning 11: in - top-level declaration - libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: - this expression is not Low*; the enclosing - function cannot be translated into C*: let - mutable ret(Mark.Present,(Mark.AtMost 2), ): - int16_t[16size_t] = $any in - libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add - ((@9: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] - &(((@8: - libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) - @0; @0 Warning 11 is fatal, exiting. On the - following code: ```rust result.coefficients[i] - = Vector::barrett_reduce(Vector::add( - coefficient_normal_form, - &Vector::add(self.coefficients[i], - &message.coefficients[i]), )); ``` */ - i0], - &message->coefficients[i0]); + libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0], + &message->coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 = libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4983,14 +4935,9 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of - loop are a workaround for the following bug - https://github.com/hacspec/hax/issues/720 */ - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * - ((size_t)960U / (size_t)3U), - uint8_t); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(&re, ret); @@ -5044,11 +4991,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_0d_d1( @@ -5108,11 +5051,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = libcrux_ml_kem_vector_portable_compress_0d_f4( @@ -5203,10 +5142,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := - CBD{η1}(PRF(r, N)) N := N + 1 end - for rˆ := NTT(r) */ - randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5219,7 +5155,6 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; - /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_23 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b( copy_of_prf_input, domain_separator0); @@ -5228,7 +5163,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; + prf_input[32U] = domain_separator; uint8_t prf_output[128U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_410( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); @@ -5236,12 +5171,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ - public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_1b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; - /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( @@ -5251,14 +5184,12 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U]; - /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); - /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, @@ -5289,30 +5220,17 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_2a(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_1b(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b3( - Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ - public_key, (size_t)1152U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 - do for j from 0 to k − 1 do AˆT[i][j] := - Parse(XOF(ρ, i, j)) end for end for */ - public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[3U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____0, ret0, false); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 = + unpacked_public_key = + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(public_key); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____0 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(uu____1, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t ret0[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(uu____0, copy_of_message, + randomness, ret0); + memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t)); } /** @@ -5360,20 +5278,13 @@ libcrux_ml_kem_variant_MlKem with const generics static inline void libcrux_ml_kem_ind_cca_decapsulate_62( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); @@ -5388,29 +5299,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_62( uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_e0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_41( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_2a(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_d6( @@ -5702,20 +5613,12 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; - i < - /* The semicolon and parentheses at the end of loop are a workaround for - the following bug https://github.com/hacspec/hax/issues/720 */ - LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = libcrux_ml_kem_vector_traits_to_standard_domain_8c( - self->coefficients[/* The coefficients are of the form aR^{-1} - mod q, which means calling - to_montgomery_domain() on them should - return a mod q. */ - j]); + self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -5747,8 +5650,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; - /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. - */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = libcrux_ml_kem_polynomial_ZERO_d6_8c(); t_as_ntt[i0] = uu____0; @@ -5828,9 +5729,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) - := G(d || K) for ML-KEM */ - key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_9c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5863,8 +5762,8 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); libcrux_ml_kem_matrix_compute_As_plus_e_1b( - /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); uint8_t uu____5[32U]; Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -5996,18 +5895,12 @@ libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_43( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) { uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_6c(/* pk := (Encode_12(tˆ - mod^{+}q) || ρ) */ - public_key->t_as_ntt, - Eurydice_array_to_slice( - (size_t)32U, - public_key->seed_for_A, - uint8_t), - public_key_serialized); + libcrux_ml_kem_ind_cpa_serialize_public_key_6c( + public_key->t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_89(/* sk := Encode_12(sˆ mod^{+}q) - */ - private_key->secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_89(private_key->secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6269,20 +6162,13 @@ libcrux_ml_kem_variant_Kyber with const generics static inline void libcrux_ml_kem_ind_cca_decapsulate_620( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); @@ -6297,29 +6183,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_620( uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_e0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret0 = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_41( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; + Eurydice_slice uu____3 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_2a(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_2a(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_d6( @@ -6594,9 +6480,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) - := G(d || K) for ML-KEM */ - key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6629,8 +6513,8 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c0( .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); libcrux_ml_kem_matrix_compute_As_plus_e_1b( - /* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); uint8_t uu____5[32U]; Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); @@ -6756,26 +6640,19 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( Validate an ML-KEM private key. This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SECRET_KEY_SIZE= 2400 -- CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37( - libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { uint8_t t[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_e0( - Eurydice_array_to_subslice2(/* Eurydice can't access values directly on - the types. We need to go to the `value` - directly. */ - private_key->value, (size_t)384U * (size_t)3U, + Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -6787,7 +6664,28 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37( } /** - Portable private key validation + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key); +} + +/** + Private key validation */ /** A monomorphic instance of @@ -6817,6 +6715,33 @@ static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( private_key, ciphertext); } +/** + Private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with +const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key); +} + +/** + Validate the private key only. + + Returns `true` if valid, and `false` otherwise. +*/ +static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) { + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41( + private_key); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with @@ -6924,7 +6849,7 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_6c( } /** - Portable public key validation + Public key validation */ /** A monomorphic instance of @@ -6951,6 +6876,38 @@ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( public_key->value); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7058,7 +7015,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -7169,7 +7126,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_c2 +static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { @@ -7352,7 +7309,7 @@ const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_c6( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { @@ -7512,6 +7469,90 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { return libcrux_ml_kem_ind_cca_unpacked_default_1c_1b(); } +/** + Take a serialized private key and generate an unpacked key pair from it. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + Eurydice_slice_uint8_t_x4 uu____0 = + libcrux_ml_kem_types_unpack_private_key_b4( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice ind_cpa_public_key = uu____0.snd; + Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; + Eurydice_slice implicit_rejection_value = uu____0.f3; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(ind_cpa_secret_key, uu____1); + memcpy( + key_pair->private_key.ind_cpa_private_key.secret_as_ntt, uu____1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f( + ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + ind_cpa_public_key_hash, uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + implicit_rejection_value, uint8_t); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)32U, key_pair->public_key.ind_cpa_public_key.seed_for_A, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_slice_subslice_from( + ind_cpa_public_key, (size_t)1152U, uint8_t, size_t), + uint8_t); +} + +/** + Take a serialized private key and generate an unpacked key pair from it. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.keypair_from_private_key +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- T_AS_NTT_ENCODED_SIZE= 1152 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_ce( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df(private_key, + key_pair); +} + +/** + Get an unpacked key from a private key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_from_private_mut( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_ce( + private_key, key_pair); +} + /** Get the serialized private key. */ @@ -7723,16 +7764,16 @@ libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key_mut( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#3} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_89 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_1b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7759,20 +7800,20 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#5} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_9e +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_9e_1b( +libcrux_ml_kem_ind_cca_unpacked_clone_28_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_89_1b(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_1b(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7807,7 +7848,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_9e_1b( + libcrux_ml_kem_ind_cca_unpacked_clone_28_1b( libcrux_ml_kem_ind_cca_unpacked_public_key_de_1b(key_pair)); pk[0U] = uu____0; } @@ -7880,7 +7921,7 @@ const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline void +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_a5( libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h deleted file mode 100644 index 1b929c571..000000000 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ /dev/null @@ -1,95 +0,0 @@ -/* - * SPDX-FileCopyrightText: 2024 Cryspen Sarl - * - * SPDX-License-Identifier: MIT or Apache-2.0 - * - * This code was generated with the following revisions: - * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d - */ - -#ifndef __libcrux_mlkem768_portable_types_H -#define __libcrux_mlkem768_portable_types_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "eurydice_glue.h" - -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1d; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; - -#if defined(__cplusplus) -} -#endif - -#define __libcrux_mlkem768_portable_types_H_DEFINED -#endif diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 811a9b876..eacedf9cc 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_sha3_avx2_H @@ -104,9 +104,7 @@ libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) { KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x( - (int64_t) /* Casting here is required, doesn't change the value. */ - c); + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } @@ -1701,7 +1699,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_5b( __m256i); __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( (int32_t)32, - s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U] + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], @@ -2036,15 +2034,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = { - /* XXX: These functions could alternatively implement the same with the - portable implementation #[cfg(feature = "simd128")] { keccakx2::<136, - 0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136, - 0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136, - 0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]); - keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136, - 0x1fu8>([input3], [out3]); } */ - input0, input1, input2, input3}; + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; libcrux_sha3_generic_keccak_keccak_fb(buf0, buf); } @@ -2284,7 +2274,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_3a( __m256i); __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( (int32_t)32, - s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U] + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 3b958816e..4385a2852 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c - * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 + * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 764d9d62e64cf9c9942b26057245b87e9e4b722d + * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 */ #ifndef __libcrux_sha3_portable_H @@ -1654,7 +1654,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out); } @@ -2013,7 +2012,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out); } @@ -2142,7 +2140,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out); } @@ -2749,7 +2746,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out); } @@ -3108,7 +3104,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out); } @@ -3404,7 +3399,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; - /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out); } @@ -3502,7 +3496,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1) { - /* TODO: make argument ordering consistent */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -3517,9 +3510,6 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { */ static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_init(void) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let s0 = KeccakState::new(); let s1 = - * KeccakState::new(); [s0, s1] } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -3532,10 +3522,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1, - * data1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -3549,10 +3535,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_squeeze_first_three_blocks(&mut s0, out0); - * shake128_squeeze_first_three_blocks(&mut s1, out1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -3566,10 +3548,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_squeeze_next_block(&mut s0, out0); - * shake128_squeeze_next_block(&mut s1, out1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -3594,10 +3572,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - /* XXX: These functions could alternatively implement the same with the - * portable implementation { let [mut s0, mut s1] = s; - * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1, - * data1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -3759,13 +3733,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6( size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { - if ( - /* There's something buffered internally to consume. */ self->buf_len + - input_len >= - (size_t)136U) { - consumed = (size_t)136U - /* We have enough data when combining the - internal buffer and the input. */ - self->buf_len; + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -3871,9 +3840,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6( memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs); - if ( - /* ... buffer the rest if there's not enough input (left). */ - input_remainder_len > (size_t)0U) { + if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; @@ -4220,13 +4187,8 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60( size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { - if ( - /* There's something buffered internally to consume. */ self->buf_len + - input_len >= - (size_t)168U) { - consumed = (size_t)168U - /* We have enough data when combining the - internal buffer and the input. */ - self->buf_len; + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4332,9 +4294,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60( memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs); - if ( - /* ... buffer the rest if there's not enough input (left). */ - input_remainder_len > (size_t)0U) { + if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; @@ -4724,13 +4684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6( size_t blocks = out_len / (size_t)136U; size_t last = out_len - out_len % (size_t)136U; size_t mid; - if ((size_t)136U >= - /* Squeeze out one to start with. XXX: Eurydice does not extract - `core::cmp::min`, so we do this instead. (cf. - https://github.com/AeneasVerif/eurydice/issues/49) */ - out_len - - ) { + if ((size_t)136U >= out_len) { mid = out_len; } else { mid = (size_t)136U; @@ -4744,11 +4698,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6( libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00); core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_08){ - .start = (size_t)1U, - .end = /* If we got asked for more than one block, squeeze out - more. */ - blocks}), + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, + .end = blocks}), core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( @@ -4757,11 +4708,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we - always have full - blocks to write out. - */ - out_rest, + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, (size_t)136U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -4856,13 +4803,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60( size_t blocks = out_len / (size_t)168U; size_t last = out_len - out_len % (size_t)168U; size_t mid; - if ((size_t)168U >= - /* Squeeze out one to start with. XXX: Eurydice does not extract - `core::cmp::min`, so we do this instead. (cf. - https://github.com/AeneasVerif/eurydice/issues/49) */ - out_len - - ) { + if ((size_t)168U >= out_len) { mid = out_len; } else { mid = (size_t)168U; @@ -4876,11 +4817,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60( libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00); core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_08){ - .start = (size_t)1U, - .end = /* If we got asked for more than one block, squeeze out - more. */ - blocks}), + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, + .end = blocks}), core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( @@ -4889,11 +4827,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we - always have full - blocks to write out. - */ - out_rest, + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, (size_t)168U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); From 76be5813ea48977a7e122f6af350f1a5324b2cb6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Fri, 11 Oct 2024 08:44:48 +0000 Subject: [PATCH 10/17] more mlkem private functions --- libcrux-ml-kem/cg.yaml | 28 ----- libcrux-ml-kem/src/ind_cca.rs | 112 +++++++++++-------- libcrux-ml-kem/src/ind_cca/instantiations.rs | 43 ++++++- libcrux-ml-kem/src/ind_cpa.rs | 1 - libcrux-ml-kem/src/mlkem1024.rs | 15 ++- libcrux-ml-kem/src/mlkem512.rs | 15 ++- libcrux-ml-kem/src/mlkem768.rs | 15 ++- libcrux-ml-kem/src/types.rs | 18 +++ 8 files changed, 165 insertions(+), 82 deletions(-) diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 31b7e5e68..e2aecda52 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -45,34 +45,6 @@ files: monomorphizations_using: - [libcrux_sha3, "*"] - # Header with types only - - - name: libcrux_mlkem768_avx2_types - inline_static: true - api: - monomorphizations_exact: - - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768KeyPairUnpacked ] - - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768PublicKeyUnpacked ] - - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_63 ] - - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_63 ] - - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_63 ] - - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_63 ] - - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f6 ] - - [ libcrux_ml_kem, vector, avx2, SIMD256Vector ] - - - name: libcrux_mlkem768_portable_types - inline_static: true - api: - monomorphizations_exact: - - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768KeyPairUnpacked ] - - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768PublicKeyUnpacked ] - - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ] - - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ] - - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ] - - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_a0 ] - - [ libcrux_ml_kem, polynomial, PolynomialRingElement_1d ] - - [ libcrux_ml_kem, vector, portable, vector_type, PortableVector ] - # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS - name: libcrux_core inline_static: true diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 047ed996d..05d4a0969 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -113,6 +113,16 @@ fn validate_private_key< >( private_key: &MlKemPrivateKey, _ciphertext: &MlKemCiphertext, +) -> bool { + validate_private_key_only::(private_key) +} + +/// Validate an ML-KEM private key. +/// +/// This implements the Hash check in 7.3 3. +#[inline(always)] +fn validate_private_key_only>( + private_key: &MlKemPrivateKey, ) -> bool { // Eurydice can't access values directly on the types. We need to go to the // `value` directly. @@ -244,7 +254,7 @@ pub(crate) fn decapsulate< ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { let (ind_cpa_secret_key, ind_cpa_public_key, ind_cpa_public_key_hash, implicit_rejection_value) = - unpack_private_key::(private_key); + unpack_private_key::(&private_key.value); let decrypted = crate::ind_cpa::decrypt::< K, @@ -295,25 +305,6 @@ pub(crate) fn decapsulate< ) } -/// Unpack an incoming private key into it's different parts. -fn unpack_private_key< - const SECRET_KEY_SIZE: usize, - const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, ->( - private_key: &MlKemPrivateKey, -) -> (&[u8], &[u8], &[u8], &[u8]) { - let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); - let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); - let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); - ( - ind_cpa_secret_key, - ind_cpa_public_key, - ind_cpa_public_key_hash, - implicit_rejection_value, - ) -} - /// Types for the unpacked API. pub(crate) mod unpacked { use core::array::from_fn; @@ -424,6 +415,55 @@ pub(crate) mod unpacked { } } + /// Take a serialized private key and generate an unpacked key pair from it. + #[inline(always)] + pub fn keys_from_private_key< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + Vector: Operations, + >( + private_key: &MlKemPrivateKey, + key_pair: &mut MlKemKeyPairUnpacked, + ) { + let ( + ind_cpa_secret_key, + ind_cpa_public_key, + ind_cpa_public_key_hash, + implicit_rejection_value, + ) = unpack_private_key::(&private_key.value); + // // XXX: We need to copy_from_slice here because eurydice fails with + // // the assignment + // out.private_key + // .ind_cpa_private_key + // .secret_as_ntt + // .copy_from_slice(&ind_cpa::deserialize_secret_key::( + // ind_cpa_secret_key, + // )); + key_pair.private_key.ind_cpa_private_key.secret_as_ntt = + ind_cpa::deserialize_secret_key::(ind_cpa_secret_key); + ind_cpa::build_unpacked_public_key_mut::>( + ind_cpa_public_key, + &mut key_pair.public_key.ind_cpa_public_key, + ); + key_pair + .public_key + .public_key_hash + .copy_from_slice(ind_cpa_public_key_hash); + key_pair + .private_key + .implicit_rejection_value + .copy_from_slice(implicit_rejection_value); + key_pair + .public_key + .ind_cpa_public_key + .seed_for_A + .copy_from_slice(&ind_cpa_public_key[T_AS_NTT_ENCODED_SIZE..]); + } + impl MlKemKeyPairUnpacked { /// Create a new empty unpacked key pair. #[inline(always)] @@ -432,10 +472,6 @@ pub(crate) mod unpacked { } /// Take a serialized private key and generate an unpacked key pair from it. - /// - /// Note that we can't restore the seed for A. But it's not needed. - /// However, the unpacked public key in a key generated like this - /// is not fully usable (serializable). #[inline(always)] pub fn from_private_key< const SECRET_KEY_SIZE: usize, @@ -447,29 +483,15 @@ pub(crate) mod unpacked { private_key: &MlKemPrivateKey, ) -> Self { let mut out = Self::default(); - let ( - ind_cpa_secret_key, - ind_cpa_public_key, - ind_cpa_public_key_hash, - implicit_rejection_value, - ) = unpack_private_key::( - private_key, - ); - out.private_key.ind_cpa_private_key.secret_as_ntt = - ind_cpa::deserialize_secret_key::(ind_cpa_secret_key); - ind_cpa::build_unpacked_public_key_mut::< + keys_from_private_key::< K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, T_AS_NTT_ENCODED_SIZE, Vector, - PortableHash, - >(ind_cpa_public_key, &mut out.public_key.ind_cpa_public_key); - out.public_key - .public_key_hash - .copy_from_slice(ind_cpa_public_key_hash); - out.private_key - .implicit_rejection_value - .copy_from_slice(implicit_rejection_value); - + >(private_key, &mut out); out } @@ -610,7 +632,6 @@ pub(crate) mod unpacked { } } out.public_key.ind_cpa_public_key.A = A; - out.private_key.implicit_rejection_value = implicit_rejection_value.try_into().unwrap(); let pk_serialized = serialize_public_key::( @@ -618,6 +639,7 @@ pub(crate) mod unpacked { &out.public_key.ind_cpa_public_key.seed_for_A, ); out.public_key.public_key_hash = Hasher::H(&pk_serialized); + out.private_key.implicit_rejection_value = implicit_rejection_value.try_into().unwrap(); } // Encapsulate with Unpacked Public Key diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index a1b76a978..2159b1c54 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -58,7 +58,7 @@ macro_rules! instantiate { >(randomness) } - /// Portable public key validation + /// Public key validation #[inline(always)] pub(crate) fn validate_public_key< const K: usize, @@ -75,7 +75,7 @@ macro_rules! instantiate { >(public_key) } - /// Portable private key validation + /// Private key validation #[inline(always)] pub(crate) fn validate_private_key< const K: usize, @@ -91,6 +91,17 @@ macro_rules! instantiate { ) } + /// Private key validation + #[inline(always)] + pub(crate) fn validate_private_key_only< + const K: usize, + const SECRET_KEY_SIZE: usize, + >( + private_key: &MlKemPrivateKey, + ) -> bool { + crate::ind_cca::validate_private_key_only::(private_key) + } + /// Portable encapsulate #[cfg(feature = "kyber")] pub(crate) fn kyber_encapsulate< @@ -270,6 +281,7 @@ macro_rules! instantiate { crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; /// Get the unpacked public key. + #[inline(always)] pub(crate) fn unpack_public_key< const K: usize, const T_AS_NTT_ENCODED_SIZE: usize, @@ -289,7 +301,32 @@ macro_rules! instantiate { >(public_key, unpacked_public_key) } + /// Take a serialized private key and generate an unpacked key pair from it. + #[inline(always)] + pub(crate) fn keypair_from_private_key< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + >( + private_key: &MlKemPrivateKey, + key_pair: &mut MlKemKeyPairUnpacked, + ) { + crate::ind_cca::unpacked::keys_from_private_key::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + T_AS_NTT_ENCODED_SIZE, + $vector, + >(private_key, key_pair); + } + /// Generate a key pair + #[inline(always)] pub(crate) fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, @@ -317,6 +354,7 @@ macro_rules! instantiate { } /// Unpacked encapsulate + #[inline(always)] pub(crate) fn encapsulate< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -355,6 +393,7 @@ macro_rules! instantiate { } /// Unpacked decapsulate + #[inline(always)] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index a13f08bfb..3ef74a0ba 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -26,7 +26,6 @@ pub mod unpacked { use crate::{polynomial::PolynomialRingElement, vector::traits::Operations}; /// An unpacked ML-KEM IND-CPA Private Key - #[derive(Clone)] pub(crate) struct IndCpaPrivateKeyUnpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 5ec6d7128..54492e142 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -77,6 +77,18 @@ macro_rules! instantiate { >(private_key, ciphertext) } + /// Validate the private key only. + /// + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_private_key_only( + private_key: &MlKem1024PrivateKey, + ) -> bool { + p::validate_private_key_only::< + RANK_1024, + SECRET_KEY_SIZE_1024, + >(private_key) + } + /// Generate Kyber 1024 Key Pair #[cfg(feature = "kyber")] #[cfg_attr(docsrs, doc(cfg(feature = "kyber")))] @@ -274,9 +286,8 @@ macro_rules! instantiate { } /// Get an unpacked key from a private key. - /// Note that this is missing the seed of A, which is unrecoverable. pub fn key_pair_from_private_mut(private_key: &MlKem1024PrivateKey, key_pair: &mut MlKem1024KeyPairUnpacked) { - *key_pair = MlKem1024KeyPairUnpacked::from_private_key::(private_key); + p::unpacked::keypair_from_private_key::(private_key, key_pair); } /// Get the unpacked public key. diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 0f85681b0..0661b5c75 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -75,6 +75,18 @@ macro_rules! instantiate { >(private_key, ciphertext) } + /// Validate the private key only. + /// + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_private_key_only( + private_key: &MlKem512PrivateKey, + ) -> bool { + p::validate_private_key_only::< + RANK_512, + SECRET_KEY_SIZE_512, + >(private_key) + } + /// Generate ML-KEM 512 Key Pair pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], @@ -271,9 +283,8 @@ macro_rules! instantiate { } /// Get an unpacked key from a private key. - /// Note that this is missing the seed of A, which is unrecoverable. pub fn key_pair_from_private_mut(private_key: &MlKem512PrivateKey, key_pair: &mut MlKem512KeyPairUnpacked) { - *key_pair = MlKem512KeyPairUnpacked::from_private_key::(private_key); + p::unpacked::keypair_from_private_key::(private_key, key_pair); } /// Get the unpacked public key. diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 82eb5ab4f..67b70adcb 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -77,6 +77,18 @@ macro_rules! instantiate { >(private_key, ciphertext) } + /// Validate the private key only. + /// + /// Returns `true` if valid, and `false` otherwise. + pub fn validate_private_key_only( + private_key: &MlKem768PrivateKey, + ) -> bool { + p::validate_private_key_only::< + RANK_768, + SECRET_KEY_SIZE_768, + >(private_key) + } + /// Generate ML-KEM 768 Key Pair pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], @@ -267,9 +279,8 @@ macro_rules! instantiate { } /// Get an unpacked key from a private key. - /// Note that this is missing the seed of A, which is unrecoverable. pub fn key_pair_from_private_mut(private_key: &MlKem768PrivateKey, key_pair: &mut MlKem768KeyPairUnpacked) { - *key_pair = MlKem768KeyPairUnpacked::from_private_key::(private_key); + p::unpacked::keypair_from_private_key::(private_key, key_pair); } /// Get the unpacked public key. diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index b13a8e8dd..a843f819f 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -195,3 +195,21 @@ impl (self.sk, self.pk) } } + +/// Unpack an incoming private key into it's different parts. +/// +/// We have this here in types to extract into a common core for C. +pub(crate) fn unpack_private_key( + private_key: &[u8], // len: SECRET_KEY_SIZE +) -> (&[u8], &[u8], &[u8], &[u8]) { + let (ind_cpa_secret_key, secret_key) = private_key.split_at(CPA_SECRET_KEY_SIZE); + let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); + let (ind_cpa_public_key_hash, implicit_rejection_value) = + secret_key.split_at(crate::constants::H_DIGEST_SIZE); + ( + ind_cpa_secret_key, + ind_cpa_public_key, + ind_cpa_public_key_hash, + implicit_rejection_value, + ) +} From 86227ec435cd3b98fabfa773a17b8c954bdbfce3 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 15 Oct 2024 08:06:06 +0000 Subject: [PATCH 11/17] fixes --- libcrux-ml-kem/src/ind_cca.rs | 21 +++++++++++---------- libcrux-ml-kem/tests/nistkats.rs | 2 +- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 05d4a0969..428b891aa 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -435,16 +435,17 @@ pub(crate) mod unpacked { ind_cpa_public_key_hash, implicit_rejection_value, ) = unpack_private_key::(&private_key.value); - // // XXX: We need to copy_from_slice here because eurydice fails with - // // the assignment - // out.private_key - // .ind_cpa_private_key - // .secret_as_ntt - // .copy_from_slice(&ind_cpa::deserialize_secret_key::( - // ind_cpa_secret_key, - // )); - key_pair.private_key.ind_cpa_private_key.secret_as_ntt = - ind_cpa::deserialize_secret_key::(ind_cpa_secret_key); + + // XXX: We need to copy_from_slice here because karamel can't handle + // the assignment cf. https://github.com/FStarLang/karamel/pull/491 + + key_pair + .private_key + .ind_cpa_private_key + .secret_as_ntt + .copy_from_slice(&ind_cpa::deserialize_secret_key::( + ind_cpa_secret_key, + )); ind_cpa::build_unpacked_public_key_mut::>( ind_cpa_public_key, &mut key_pair.public_key.ind_cpa_public_key, diff --git a/libcrux-ml-kem/tests/nistkats.rs b/libcrux-ml-kem/tests/nistkats.rs index 9c3cdd1fd..c597b2bac 100644 --- a/libcrux-ml-kem/tests/nistkats.rs +++ b/libcrux-ml-kem/tests/nistkats.rs @@ -46,7 +46,7 @@ macro_rules! impl_nist_known_answer_tests { #[cfg(feature = "pre-verification")] assert!(validate_public_key(key_pair.public_key())); - #[cfg(feature = "pre-verification")] + #[cfg(all(feature = "pre-verification", not(feature = "kyber")))] { let unpacked_keys = unpacked::generate_key_pair(kat.key_generation_seed); From 9f6ddc61e0cfec3e2b6791f6ac09233351f2a782 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 15 Oct 2024 08:06:22 +0000 Subject: [PATCH 12/17] re-extract C --- libcrux-ml-kem/c/code_gen.txt | 6 +++--- libcrux-ml-kem/c/internal/libcrux_core.h | 6 +++--- .../c/internal/libcrux_mlkem_avx2.h | 6 +++--- .../c/internal/libcrux_mlkem_portable.h | 6 +++--- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +++--- .../c/internal/libcrux_sha3_internal.h | 6 +++--- libcrux-ml-kem/c/libcrux_core.c | 6 +++--- libcrux-ml-kem/c/libcrux_core.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 6 +++--- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +++--- libcrux-ml-kem/c/libcrux_sha3.h | 6 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 6 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +++--- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +++--- libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 +++--- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +++--- libcrux-ml-kem/cg/code_gen.txt | 6 +++--- libcrux-ml-kem/cg/libcrux_core.h | 6 +++--- libcrux-ml-kem/cg/libcrux_ct_ops.h | 6 +++--- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 21 ++++++++++++------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 21 ++++++++++++------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 6 +++--- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 6 +++--- 40 files changed, 140 insertions(+), 130 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 841294d90..2e22eab77 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 -Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 -Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 +Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 +Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 +Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index b2772b11e..a0381ed6a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index ea24301b4..92522b699 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index d77498ba8..a90a7b18d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index bfd1569b4..003fbd8ee 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 56417df4c..c23f5a0f3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d96a6b701..fe23b8463 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 792a5e27e..a76feeeaa 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index a3d9fe40c..e4c7008f7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index d06483fdb..72a1a98a7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 9f3b981a5..8ca7a9720 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 4d3bd9ad9..10f0b1fb7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index fb5b41a46..45f8bcfd4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 3540af74c..6e717878f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 1b318be8c..5d9ff72d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4c7acc723..669e98b4e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index eb3065b12..bb6841117 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index e2e4a42b2..35a235896 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index b163bbc2e..afd2ddfb5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 14b284837..32cd87486 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index d1d95f92a..ac6658417 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 30d565fed..3f1afdc32 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 8e27d45dd..4af44382a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e3a605234..7044eaa02 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 91e449b9f..fcbeafcf4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4d296b95a..3489c48b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 71609b138..323ba861a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 399fe2676..002ce6b2b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 3654b0146..337305c5b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 91cdb8ea4..1e2f53358 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 5f6d73eac..14985c821 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 5a9ec21e5..aae5027cd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 9c50ca0b5..f32a3a0a2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 841294d90..2e22eab77 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 -Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 -Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 +Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 +Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 +Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 3b4b602d1..05c101904 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 9530ce1dd..97a848756 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 805537b9f..f90fffe3d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem768_avx2_H @@ -6743,11 +6743,16 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_e2( Eurydice_slice ind_cpa_public_key = uu____0.snd; Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; Eurydice_slice implicit_rejection_value = uu____0.f3; - libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(ind_cpa_secret_key, uu____1); - memcpy( - key_pair->private_key.ind_cpa_private_key.secret_as_ntt, uu____1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(ind_cpa_secret_key, ret); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_slice( + (size_t)3U, ret, libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_bf( ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key); Eurydice_slice_copy( diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 0d19be20f..54e5d86a0 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_mlkem768_portable_H @@ -7495,11 +7495,16 @@ libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_df( Eurydice_slice ind_cpa_public_key = uu____0.snd; Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; Eurydice_slice implicit_rejection_value = uu____0.f3; - libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(ind_cpa_secret_key, uu____1); - memcpy( - key_pair->private_key.ind_cpa_private_key.secret_as_ntt, uu____1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)3U, key_pair->private_key.ind_cpa_private_key.secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_1b(ind_cpa_secret_key, ret); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_slice( + (size_t)3U, ret, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f( ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key); Eurydice_slice_copy( diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index eacedf9cc..50f7aff9a 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 4385a2852..f61a7f14b 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: 809fdf7ceb408768cdd5daa922193446a5029701 - * Karamel: b8f4b173b3114cd75be57bb93a8ecf165b8b5ec5 + * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2c499138797cf5252a22f3b7244fc663393f2083 + * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 */ #ifndef __libcrux_sha3_portable_H From d4a72f038b36e2ebcc1891484a2f10665daae3ed Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 15 Oct 2024 11:11:22 +0200 Subject: [PATCH 13/17] fixup arm code --- libcrux-ml-kem/cg/benches/mlkem768.cc | 8 ++++---- libcrux-ml-kem/cg/tests/mlkem768.cc | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libcrux-ml-kem/cg/benches/mlkem768.cc b/libcrux-ml-kem/cg/benches/mlkem768.cc index 7ce70a7e1..85928cc1e 100644 --- a/libcrux-ml-kem/cg/benches/mlkem768.cc +++ b/libcrux-ml-kem/cg/benches/mlkem768.cc @@ -35,11 +35,11 @@ kyber768_key_generation_unpacked(benchmark::State &state) uint8_t randomness[64]; generate_random(randomness, 64); libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); for (auto _ : state) { - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); } } @@ -66,7 +66,7 @@ kyber768_encapsulation_unpacked(benchmark::State &state) generate_random(randomness, 64); libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); generate_random(randomness, 32); auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); @@ -102,7 +102,7 @@ kyber768_decapsulation_unpacked(benchmark::State &state) generate_random(randomness, 64); libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); generate_random(randomness, 32); auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); diff --git a/libcrux-ml-kem/cg/tests/mlkem768.cc b/libcrux-ml-kem/cg/tests/mlkem768.cc index 947171f58..64abd5c88 100644 --- a/libcrux-ml-kem/cg/tests/mlkem768.cc +++ b/libcrux-ml-kem/cg/tests/mlkem768.cc @@ -106,7 +106,7 @@ TEST(MlKem768TestPortableUnpacked, ConsistencyTest) keygen_randomness[i] = 13; } libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(keygen_randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(keygen_randomness, &key_pair); uint8_t encap_randomness[32]; for (int i = 0; i < 32; i++) From ebd4c0b8e860dfdbf399f902a80fb3100462a9a6 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Tue, 15 Oct 2024 09:21:24 +0000 Subject: [PATCH 14/17] C test fixes --- libcrux-ml-kem/c/benches/mlkem768.cc | 2 +- libcrux-ml-kem/c/benches/mlkem768_encaps.cc | 2 +- libcrux-ml-kem/c/benches/mlkem768_keygen.cc | 2 +- libcrux-ml-kem/cg/benches/mlkem768.cc | 16 ++++++++-------- libcrux-ml-kem/cg/tests/mlkem768.cc | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index 1efe8a607..ad97886b8 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc @@ -14,7 +14,7 @@ void generate_random(uint8_t *output, uint32_t output_len) { - for (int i = 0; i < output_len; i++) + for (uint32_t i = 0; i < output_len; i++) output[i] = 13; } diff --git a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc index d7c2a5076..e7212a944 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_encaps.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_encaps.cc @@ -14,7 +14,7 @@ void generate_random(uint8_t *output, uint32_t output_len) { - for (int i = 0; i < output_len; i++) + for (uint32_t i = 0; i < output_len; i++) output[i] = 13; } diff --git a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc index a7271277f..b557d16b9 100644 --- a/libcrux-ml-kem/c/benches/mlkem768_keygen.cc +++ b/libcrux-ml-kem/c/benches/mlkem768_keygen.cc @@ -14,7 +14,7 @@ void generate_random(uint8_t *output, uint32_t output_len) { - for (int i = 0; i < output_len; i++) + for (uint32_t i = 0; i < output_len; i++) output[i] = 13; } diff --git a/libcrux-ml-kem/cg/benches/mlkem768.cc b/libcrux-ml-kem/cg/benches/mlkem768.cc index 7ce70a7e1..02c0cbbb1 100644 --- a/libcrux-ml-kem/cg/benches/mlkem768.cc +++ b/libcrux-ml-kem/cg/benches/mlkem768.cc @@ -35,11 +35,11 @@ kyber768_key_generation_unpacked(benchmark::State &state) uint8_t randomness[64]; generate_random(randomness, 64); libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); for (auto _ : state) { - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); } } @@ -66,7 +66,7 @@ kyber768_encapsulation_unpacked(benchmark::State &state) generate_random(randomness, 64); libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); generate_random(randomness, 32); auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); @@ -102,7 +102,7 @@ kyber768_decapsulation_unpacked(benchmark::State &state) generate_random(randomness, 64); libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(randomness, &key_pair); generate_random(randomness, 32); auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); @@ -201,12 +201,12 @@ kyber768_key_generation_avx2_unpacked(benchmark::State &state) generate_random(randomness, 64); libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair); for (auto _ : state) { libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair); } } @@ -233,7 +233,7 @@ kyber768_encapsulation_avx2_unpacked(benchmark::State &state) generate_random(randomness, 64); libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair); generate_random(randomness, 32); auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); @@ -269,7 +269,7 @@ kyber768_decapsulation_avx2_unpacked(benchmark::State &state) generate_random(randomness, 64); libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(randomness, &key_pair); generate_random(randomness, 32); auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); diff --git a/libcrux-ml-kem/cg/tests/mlkem768.cc b/libcrux-ml-kem/cg/tests/mlkem768.cc index 947171f58..d9178a7fa 100644 --- a/libcrux-ml-kem/cg/tests/mlkem768.cc +++ b/libcrux-ml-kem/cg/tests/mlkem768.cc @@ -106,7 +106,7 @@ TEST(MlKem768TestPortableUnpacked, ConsistencyTest) keygen_randomness[i] = 13; } libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(keygen_randomness, &key_pair); + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(keygen_randomness, &key_pair); uint8_t encap_randomness[32]; for (int i = 0; i < 32; i++) @@ -266,7 +266,7 @@ TEST(MlKem768TestAvx2Unpacked, ConsistencyTest) keygen_randomness[i] = 13; } libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; - libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(keygen_randomness, &key_pair); + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair_mut(keygen_randomness, &key_pair); uint8_t encap_randomness[32]; for (int i = 0; i < 32; i++) From 150df2319c18ad9912639a9541adddd0d0e40015 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 13 Nov 2024 15:34:29 +0000 Subject: [PATCH 15/17] fixup merge --- .../src/ind_cca/instantiations/avx2.rs | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs index 9dff8843a..5f157230b 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations/avx2.rs @@ -172,6 +172,18 @@ pub(crate) fn validate_private_key< } } +/// Private key validation +#[inline(always)] +pub(crate) fn validate_private_key_only( + private_key: &MlKemPrivateKey, +) -> bool { + crate::ind_cca::validate_private_key_only::< + K, + SECRET_KEY_SIZE, + crate::hash_functions::avx2::Simd256Hash, + >(private_key) +} + #[allow(unsafe_code)] #[cfg(feature = "kyber")] #[cfg_attr(not(hax), target_feature(enable = "avx2"))] @@ -564,6 +576,30 @@ pub(crate) mod unpacked { } } + /// Take a serialized private key and generate an unpacked key pair from it. + #[inline(always)] + pub(crate) fn keypair_from_private_key< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + >( + private_key: &MlKemPrivateKey, + key_pair: &mut MlKemKeyPairUnpacked, + ) { + crate::ind_cca::unpacked::keys_from_private_key::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + T_AS_NTT_ENCODED_SIZE, + crate::vector::SIMD256Vector, + >(private_key, key_pair); + } + #[allow(unsafe_code)] #[cfg_attr(not(hax), target_feature(enable = "avx2"))] unsafe fn generate_keypair_avx2< From 122ee3d193e33f55c2324ee84f974e647255f545 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 13 Nov 2024 15:59:57 +0000 Subject: [PATCH 16/17] update C extraction --- libcrux-ml-kem/c/code_gen.txt | 4 ++-- libcrux-ml-kem/c/internal/libcrux_core.h | 4 ++-- .../c/internal/libcrux_mlkem_avx2.h | 4 ++-- .../c/internal/libcrux_mlkem_portable.h | 4 ++-- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 ++-- .../c/internal/libcrux_sha3_internal.h | 4 ++-- libcrux-ml-kem/c/libcrux_core.c | 4 ++-- libcrux-ml-kem/c/libcrux_core.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 18 +++++++++++---- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 8 +++---- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 18 +++++++++++---- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 8 +++---- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 18 +++++++++++---- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 8 +++---- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 22 ++++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 ++-- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 22 ++++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 4 ++-- libcrux-ml-kem/c/libcrux_sha3.h | 4 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 ++-- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 ++-- 33 files changed, 132 insertions(+), 90 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 2e22eab77..652ce941a 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 -Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 +Eurydice: 7d686376ec943225ff89942978c6c3028bac689c Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 +Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index a0381ed6a..028032211 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 92522b699..0a996c9fb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index a90a7b18d..7bd8b40cd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 003fbd8ee..8be31ea17 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c23f5a0f3..267174f80 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index fe23b8463..e98fb186d 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index a76feeeaa..899850336 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index e4c7008f7..7ec8206d4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 38597d472..bce2c367d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "libcrux_mlkem1024_avx2.h" @@ -205,7 +205,12 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { } /** - Private key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_avx2 with const +generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 */ static bool validate_private_key_avx2_6b( libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, @@ -265,7 +270,12 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key_only( } /** - Public key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key_avx2 with const +generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 */ static bool validate_public_key_avx2_6b(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_1e(public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 8ca7a9720..f0664f5c8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f799f3dfd..efbf1c6cd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "libcrux_mlkem1024_portable.h" @@ -146,7 +146,7 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static bool validate_private_key_6b( +static KRML_MUSTINLINE bool validate_private_key_6b( libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_b5(private_key, @@ -200,7 +200,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_6b(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_6b(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_00(public_key); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 45f8bcfd4..c0cc37f0f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 6e717878f..f5f8e52cd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 3b8425a60..189f6fe8e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "libcrux_mlkem512_avx2.h" @@ -205,7 +205,12 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { } /** - Private key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_avx2 with const +generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 */ static bool validate_private_key_avx2_1c( libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, @@ -265,7 +270,12 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key_only( } /** - Public key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key_avx2 with const +generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 */ static bool validate_public_key_avx2_1c(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_ba(public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 669e98b4e..fb012491b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e9b85aecf..617386bb8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "libcrux_mlkem512_portable.h" @@ -146,7 +146,7 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static bool validate_private_key_1c( +static KRML_MUSTINLINE bool validate_private_key_1c( libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_fb(private_key, @@ -200,7 +200,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_1c(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_1c(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_86(public_key); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 35a235896..ca114ecc1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index afd2ddfb5..ac85b1f42 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 46d7d26b5..f9451ab9e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "libcrux_mlkem768_avx2.h" @@ -205,7 +205,12 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { } /** - Private key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_avx2 with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 */ static bool validate_private_key_avx2_31( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, @@ -265,7 +270,12 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key_only( } /** - Public key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key_avx2 with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 */ static bool validate_public_key_avx2_31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_ed(public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index ac6658417..620eb7623 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 5b8ba054c..eeafd72f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "libcrux_mlkem768_portable.h" @@ -146,7 +146,7 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static bool validate_private_key_31( +static KRML_MUSTINLINE bool validate_private_key_31( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_37(private_key, @@ -200,7 +200,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_31(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 4af44382a..d964d45a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 75edc4e9b..a9323eaac 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "internal/libcrux_mlkem_avx2.h" @@ -3737,8 +3737,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_741(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { +static KRML_MUSTINLINE void encrypt_741(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_63 unpacked_public_key = build_unpacked_public_key_fa1(public_key); IndCpaPublicKeyUnpacked_63 *uu____0 = &unpacked_public_key; @@ -6213,8 +6215,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_740(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { +static KRML_MUSTINLINE void encrypt_740(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_39 unpacked_public_key = build_unpacked_public_key_fa0(public_key); IndCpaPublicKeyUnpacked_39 *uu____0 = &unpacked_public_key; @@ -8277,8 +8281,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_74(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { +static KRML_MUSTINLINE void encrypt_74(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_94 unpacked_public_key = build_unpacked_public_key_fa(public_key); IndCpaPublicKeyUnpacked_94 *uu____0 = &unpacked_public_key; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index fcbeafcf4..ddd1f6c68 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 326a50675..d99545eff 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "internal/libcrux_mlkem_portable.h" @@ -4886,8 +4886,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_2a1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { +static KRML_MUSTINLINE void encrypt_2a1(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_af unpacked_public_key = build_unpacked_public_key_3f1(public_key); IndCpaPublicKeyUnpacked_af *uu____0 = &unpacked_public_key; @@ -7316,8 +7318,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_2a0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { +static KRML_MUSTINLINE void encrypt_2a0(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_d4 unpacked_public_key = build_unpacked_public_key_3f0(public_key); IndCpaPublicKeyUnpacked_d4 *uu____0 = &unpacked_public_key; @@ -9330,8 +9334,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_2a(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { +static KRML_MUSTINLINE void encrypt_2a(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_a0 unpacked_public_key = build_unpacked_public_key_3f(public_key); IndCpaPublicKeyUnpacked_a0 *uu____0 = &unpacked_public_key; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 323ba861a..240fddd8f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 002ce6b2b..eb87a427c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 337305c5b..e0f18f191 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1e2f53358..f4164e3b8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 14985c821..8e28a4374 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index aae5027cd..b7c0ab441 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f32a3a0a2..57377f60d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 */ #ifndef __libcrux_sha3_neon_H From 13a516cbaa7c16948e65cdcecaa76a50236ed9ab Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 13 Nov 2024 17:47:07 +0000 Subject: [PATCH 17/17] update C extraction --- .docker/c/ext-tools.sh | 4 +-- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 4 +-- libcrux-ml-kem/cg/libcrux_core.h | 4 +-- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +-- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 26 +++++++++++++------ libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 8 +++--- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +-- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 4 +-- 41 files changed, 67 insertions(+), 57 deletions(-) diff --git a/.docker/c/ext-tools.sh b/.docker/c/ext-tools.sh index 2f6c8b85d..0a7283577 100644 --- a/.docker/c/ext-tools.sh +++ b/.docker/c/ext-tools.sh @@ -16,11 +16,11 @@ unzip karamel.zip rm -rf karamel.zip mv karamel-8c3612018c25889288da6857771be3ad03b75bcd/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-1fff1c51ae6e6c87eafd28ec9d5594f54bc91c0c/ eurydice +mv eurydice-e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20/ eurydice echo "export KRML_HOME=$HOME/karamel" >>$HOME/.profile echo "export EURYDICE_HOME=$HOME/eurydice" >>$HOME/.profile diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 652ce941a..96556d5be 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 Eurydice: 7d686376ec943225ff89942978c6c3028bac689c Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 +Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 028032211..c5f48a4ce 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 0a996c9fb..01108cafb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7bd8b40cd..aca6e52eb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 8be31ea17..fb158f1b4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 267174f80..ca072118b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e98fb186d..76677a85b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 899850336..a94f355d9 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 7ec8206d4..b173ad526 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index bce2c367d..c43ee8f13 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index f0664f5c8..afd941054 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index efbf1c6cd..57e04e060 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index c0cc37f0f..b1942de40 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index f5f8e52cd..ab5380f35 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 189f6fe8e..e23ec575f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index fb012491b..6e4bc764c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 617386bb8..0f919e950 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index ca114ecc1..4cdcf8d07 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index ac85b1f42..adf020ae6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index f9451ab9e..b8fc9a3c4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 620eb7623..e5c7f82c3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index eeafd72f8..a767de37e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index d964d45a3..d3c6f6abc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a9323eaac..8b8affa45 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index ddd1f6c68..cbc9c0c6c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index d99545eff..3272dbcf8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 240fddd8f..594c2bd30 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index eb87a427c..a930941d7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e0f18f191..a9b3b3f77 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index f4164e3b8..7b0eb2132 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 8e28a4374..1e69eabe2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index b7c0ab441..a56ecfbd8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 57377f60d..7567bc4ae 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 150df2319c18ad9912639a9541adddd0d0e40015 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 2e22eab77..96556d5be 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 -Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 +Eurydice: 7d686376ec943225ff89942978c6c3028bac689c Karamel: 8c3612018c25889288da6857771be3ad03b75bcd F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 +Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 05c101904..05b642dd2 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 97a848756..58a2d4582 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 7e1bde166..6680aaac8 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem768_avx2_H @@ -5940,7 +5940,12 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_12( } /** - Private key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key_avx2 with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool @@ -6120,7 +6125,12 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_ed( } /** - Public key validation +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key_avx2 with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool @@ -6322,7 +6332,7 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_35( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6467,7 +6477,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_c2 +static inline tuple_c2 libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_cd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 *public_key, uint8_t randomness[32U]) { @@ -6676,7 +6686,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c6( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { @@ -7477,7 +7487,7 @@ generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_a5( libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_63 diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index eb7967d68..a2e8ef0a4 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_mlkem768_portable_H @@ -6694,7 +6694,7 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static inline bool +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { @@ -6858,7 +6858,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline bool +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_31( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 50f7aff9a..22d1ca76b 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index f61a7f14b..68757a15e 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 45f5a34f336e35c6cc2253bc90cbdb8d812cefa9 - * Eurydice: e2db6e88adc9995ca9d3dedf7fa9bc4095e9ca20 + * Eurydice: 7d686376ec943225ff89942978c6c3028bac689c * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 76be5813ea48977a7e122f6af350f1a5324b2cb6 + * Libcrux: 122ee3d193e33f55c2324ee84f974e647255f545 */ #ifndef __libcrux_sha3_portable_H