diff --git a/extract_to_fstar.py b/extract_to_fstar.py
index 1ad9e96da..a82cbeddd 100755
--- a/extract_to_fstar.py
+++ b/extract_to_fstar.py
@@ -18,9 +18,7 @@ def shell(command, expect=0, cwd=None, format_selection_string=False):
 print("\nDirectory: {}".format(cwd))
- ret = subprocess.run(
- command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=cwd
- )
+ ret = subprocess.run(command, cwd=cwd)
 if ret.returncode != expect:
 raise Exception("Error {}. Expected {}.".format(ret, expect))
@@ -72,7 +70,8 @@ def shell(command, expect=0, cwd=None, format_selection_string=False):
 options.modules = " {}".format(options.modules)
 if options.functions:
- options.functions = " ".join(["+" + function for function in options.functions])
+ options.functions = " ".join(
+ ["+" + function for function in options.functions])
 options.functions = " {}".format(options.functions)
 shell(
diff --git a/proofs/fstar/extraction/Libcrux.Digest.fst b/proofs/fstar/extraction/Libcrux.Digest.fst
new file mode 100644
index 000000000..1e91c2b63
--- /dev/null
+++ b/proofs/fstar/extraction/Libcrux.Digest.fst
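Review bot: With stdout/stderr no longer captured, the child's output goes straight to the inherited file descriptors while the script's own `print("\nDirectory: {}".format(cwd))` just above the call is buffered by Python, so when stdout is not a terminal (CI logs, for instance) the directory line can show up after the command's output rather than before it; `print("\nDirectory: {}".format(cwd), flush=True)` keeps the ordering. The error path is worth tightening at the same time: `"Error {}. Expected {}.".format(ret, expect)` now renders a `CompletedProcess` that carries only the args and return code, since nothing is captured any more, and `"Command {} exited with {}; expected {}.".format(ret.args, ret.returncode, expect)` states the same facts readably. The enclosing `shell` function starts before this hunk and continues past it.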
@@ -0,0 +1,38 @@ +module Libcrux.Digest +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core + +type t_Algorithm = + | Algorithm_Sha1 : t_Algorithm + | Algorithm_Sha224 : t_Algorithm + | Algorithm_Sha256 : t_Algorithm + | Algorithm_Sha384 : t_Algorithm + | Algorithm_Sha512 : t_Algorithm + | Algorithm_Blake2s : t_Algorithm + | Algorithm_Blake2b : t_Algorithm + | Algorithm_Sha3_224_ : t_Algorithm + | Algorithm_Sha3_256_ : t_Algorithm + | Algorithm_Sha3_384_ : t_Algorithm + | Algorithm_Sha3_512_ : t_Algorithm + +let digest_size (mode: t_Algorithm) : usize = + match mode with + | Algorithm_Sha1 -> sz 20 + | Algorithm_Sha224 -> sz 28 + | Algorithm_Sha256 -> sz 32 + | Algorithm_Sha384 -> sz 48 + | Algorithm_Sha512 -> sz 64 + | Algorithm_Blake2s -> sz 32 + | Algorithm_Blake2b -> sz 64 + | Algorithm_Sha3_224_ -> sz 28 + | Algorithm_Sha3_256_ -> sz 32 + | Algorithm_Sha3_384_ -> sz 48 + | Algorithm_Sha3_512_ -> sz 64 + +let sha3_256_ (payload: slice u8) : array u8 (sz 32) = Libcrux.Hacl.Sha3.sha256 payload + +let sha3_512_ (payload: slice u8) : array u8 (sz 64) = Libcrux.Hacl.Sha3.sha512 payload + +let shake128 (#v_LEN: usize) (data: slice u8) : array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 data + +let shake256 (#v_LEN: usize) (data: slice u8) : array u8 v_LEN = Libcrux.Hacl.Sha3.shake256 data
\ No newline at end of file
diff --git a/proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst b/proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst
new file mode 100644
index 000000000..774cdd2e6
--- /dev/null
+++ b/proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst
@@ -0,0 +1,39 @@ +module Libcrux.Hacl.Sha3 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core + +let sha256 (payload: slice u8) : array u8 (sz 32) = + let digest:array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let _:Prims.unit = + Rust_primitives.Hax.failure "" + "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"33\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"30\" };\n lo = { Types.col = \"4\"; line = \"24\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 200);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"26\" };\n lo =\n { Types.col = \"12\"; line = \"26\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { 
Types.col = \"12\"; line = \"26\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"200\", \"20\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { Types.col = \"20\"; line = \"26\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"26\" };\n lo = { Types.col = \"20\"; line = \"26\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n 
(Types.ValueNs\n \"len\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty = (Types.Uint Types.Usize) }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"26\" };\n lo = { Types.col = \"26\"; line = \"26\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 2519); krate = 
\"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"try_into\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"34\"; line = \"26\" };\n lo = { Types.col = \"26\"; line = \"26\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin 
{\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate =\n \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (\n Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 6 }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })\n };\n impl =\n (Some { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.Usize))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {generics = [];\n id =\n { Types.index = (2, 25071);\n krate = 
\"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"ptr_try_from_impls\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type (Types.Uint Types.Usize));\n (Types.Type (Types.Uint Types.U32))];\n id =\n { Types.index = (2, 2546); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 6 }\n ]\n }}\n });\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { 
Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 6\n }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n 
disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"26\" };\n lo = { Types.col = \"37\"; line = \"26\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 8523); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"unwrap\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"43\"; line = \"26\" };\n lo = { Types.col = \"37\"; line = \"26\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = 
\"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"14\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 200);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"27\" };\n lo =\n { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { 
Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"200\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"20\"; line = \"27\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"27\" };\n lo = { Types.col = \"20\"; line = \"27\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n 
(Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n }};\n hir_id = None;\n span =\n { Types.filename =\n 
(Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty (Types.General \"0\"))] })};\n hir_id = (Some (\"200\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"9\";\n owner =\n { Types.index = (0, 200);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"digest\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"18\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"32\", Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n 
(Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"32\", Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"200\", \"30\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"19\"; line = \"28\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"28\" };\n lo = { Types.col = \"19\"; line = \"28\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data 
= (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", 
\"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"29\" };\n lo = { Types.col = \"8\"; line = \"25\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 143); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 48 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_sha3_256\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"25\" };\n lo = { Types.col = \"8\"; line = \"25\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"200\", \"11\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"29\" };\n lo = { 
Types.col = \"8\"; line = \"25\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"32\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"32\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"200\", \"10\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"30\" };\n lo = { Types.col = \"4\"; line = \"24\" } };\n ty = (Types.Tuple []) }" + + in + digest + +let sha512 (payload: slice u8) : array u8 (sz 64) = + let digest:array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let _:Prims.unit = + Rust_primitives.Hax.failure "" + "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"33\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"56\" };\n lo = { Types.col = \"4\"; line = \"50\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 206);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha512\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n 
\"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"52\" };\n lo =\n { Types.col = \"12\"; line = \"52\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"206\", \"20\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"20\"; line = \"52\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"52\" };\n lo = { Types.col = \"20\"; line = \"52\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value 
=\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"len\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"12\"; 
line = \"52\" } };\n ty = (Types.Uint Types.Usize) }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"52\" };\n lo = { Types.col = \"26\"; line = \"52\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 2519); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"try_into\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"34\"; line = \"52\" };\n lo = { Types.col = \"26\"; line = \"52\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n 
Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate =\n \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (\n Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 6 }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })\n };\n impl =\n (Some { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.Usize))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id 
=\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {generics = [];\n id =\n { Types.index = (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"ptr_try_from_impls\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type (Types.Uint Types.Usize));\n (Types.Type (Types.Uint Types.U32))];\n id =\n { Types.index = (2, 2546); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 6 }\n ]\n }}\n });\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ 
Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 6\n }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty =\n Types.Adt {\n def_id =\n { Types.index = (2, 
35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"52\" };\n lo = { Types.col = \"37\"; line = \"52\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 8523); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"unwrap\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"43\"; line = \"52\" };\n lo = { Types.col = \"37\"; line = \"52\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs 
\"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"14\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 206);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha512\");\n disambiguator = 0 }\n ]\n }\n };\n 
name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"53\" };\n lo =\n { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"206\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"20\"; line = \"53\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"53\" };\n lo = { Types.col = \"20\"; line = \"53\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator 
= 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal 
}\n })};\n hir_id = (Some (\"206\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty (Types.General \"0\"))] })};\n hir_id = (Some (\"206\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"9\";\n owner =\n { Types.index = (0, 206);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha512\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"digest\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"18\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"64\", 
Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"64\", Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"206\", \"30\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"19\"; line = \"54\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"54\" };\n lo = { Types.col = \"19\"; line = 
\"54\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs 
\"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"55\" };\n lo = { Types.col = \"8\"; line = \"51\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 147); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 50 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_sha3_512\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"51\" };\n lo = { Types.col = \"8\"; line = \"51\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = 
true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"206\", \"11\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"55\" };\n lo = { Types.col = \"8\"; line = \"51\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"32\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"32\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"206\", \"10\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"56\" };\n lo = { Types.col = \"4\"; line = \"50\" } };\n ty = (Types.Tuple []) }" + + in + digest + +let shake128 (#v_BYTES: usize) (data: slice u8) : array u8 v_BYTES = + let out:array u8 v_BYTES = Rust_primitives.Hax.repeat 0uy v_BYTES in + let _:Prims.unit = + Rust_primitives.Hax.failure "" + "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"38\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"70\" };\n lo = { Types.col = \"4\"; line = \"63\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 209);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs 
\"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake128\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"16\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"209\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"17\"; line = \"65\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"20\"; line = \"65\" };\n lo = { Types.col = \"17\"; line = \"65\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ 
Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), false))\n ];\n output = (Types.Uint 
Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"209\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"209\", \"15\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 209);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake128\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"16\"; line = \"66\" };\n lo =\n { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"209\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath 
\"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"17\"; line = \"66\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"66\" };\n lo = { Types.col = \"17\"; line = \"66\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n 
false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"209\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty 
(Types.General \"0\"))] })};\n hir_id = (Some (\"209\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.ConstParam {\n def_id =\n { Types.index = (0, 210); krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"shake128\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"BYTES\");\n disambiguator = 0 }\n ]\n };\n param = { Types.index = 0; name = \"BYTES\" }};\n hir_id = (Some (\"209\", \"29\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"17\"; line = \"67\" };\n lo = { Types.col = \"12\"; line = \"67\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"209\", \"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"24\"; line = \"67\" };\n lo = { Types.col = \"12\"; line = \"67\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"10\";\n owner =\n { Types.index = (0, 209);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake128\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"out\" }};\n hir_id = 
None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"15\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"209\", \"35\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"16\"; line = \"68\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n 
disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"68\" };\n lo = { Types.col = \"16\"; line = \"68\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n 
c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"209\", \"33\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"69\" };\n lo = { Types.col = \"8\"; line = \"64\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 137); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 45 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_shake128_hacl\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"64\" };\n lo = { Types.col = \"8\"; line = \"64\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint 
Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"209\", \"12\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"69\" };\n lo = { Types.col = \"8\"; line = \"64\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"37\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"37\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"209\", \"11\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"70\" };\n lo = { Types.col = \"4\"; line = \"63\" } };\n ty = (Types.Tuple []) }" + + in + out + +let shake256 (#v_BYTES: usize) (data: slice u8) : array u8 v_BYTES = + let out:array u8 v_BYTES = Rust_primitives.Hax.repeat 0uy v_BYTES in + let _:Prims.unit = + Rust_primitives.Hax.failure "" + "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"38\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"87\" };\n lo = { Types.col = \"4\"; line = \"80\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Cast {\n source =\n 
{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 213);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"16\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"213\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"17\"; line = \"82\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = 
(Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"20\"; line = \"82\" };\n lo = { Types.col = \"17\"; line = \"82\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = 
\"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"213\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"213\", \"15\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 213);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"16\"; line = \"83\" };\n lo =\n { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint 
Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"213\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"17\"; line = \"83\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"83\" };\n lo = { Types.col = \"17\"; line = \"83\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n 
(2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"213\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n 
}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty (Types.General \"0\"))] })};\n hir_id = (Some (\"213\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.ConstParam {\n def_id =\n { Types.index = (0, 214); krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"shake256\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"BYTES\");\n disambiguator = 0 }\n ]\n };\n param = { Types.index = 0; name = \"BYTES\" }};\n hir_id = (Some (\"213\", \"29\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"17\"; line = \"84\" };\n lo = { Types.col = \"12\"; line = \"84\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"213\", \"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"24\"; line = \"84\" };\n lo = { Types.col = \"12\"; line = \"84\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents 
=\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"10\";\n owner =\n { Types.index = (0, 213);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"out\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"15\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"213\", \"35\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span 
=\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"16\"; line = \"85\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"85\" };\n lo = { Types.col = \"16\"; line = \"85\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); 
krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"213\", \"33\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"86\" };\n lo = { Types.col = \"8\"; line = \"81\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 139); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 46 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_shake256_hacl\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath 
\"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"81\" };\n lo = { Types.col = \"8\"; line = \"81\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"213\", \"12\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"86\" };\n lo = { Types.col = \"8\"; line = \"81\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"37\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"37\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"213\", \"11\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"87\" };\n lo = { Types.col = \"4\"; line = \"80\" } };\n ty = (Types.Tuple []) }" + + in + out \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst index 634e8ee5c..480bbc7e1 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst 
@@ -2,98 +2,78 @@ module Libcrux.Kem.Kyber.Arithmetic #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let t_KyberFieldElement = i32 - let v_BARRETT_SHIFT: i32 = 26l -let v_BARRETT_R: i32 = 1l >>. v_BARRETT_SHIFT +let v_BARRETT_R: i32 = 1l <>! 1l <: i32) <: i32) >>! v_BARRETT_SHIFT in - value -. (quotient *. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) + value -! (quotient *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) let v_MONTGOMERY_SHIFT: i64 = 16L -let v_MONTGOMERY_R: i64 = 1L >>. v_MONTGOMERY_SHIFT +let v_MONTGOMERY_R: i64 = 1L <>! v_MONTGOMERY_SHIFT -let to_montgomery_domain (value: i32) : i32 = montgomery_reduce (1353l *. value <: i32) +let to_montgomery_domain (value: i32) : i32 = montgomery_reduce (1353l *! value <: i32) -type t_KyberPolynomialRingElement = { f_coefficients:array i32 256sz } +type t_KyberPolynomialRingElement = { f_coefficients:array i32 (sz 256) } -let v_ZERO_under_impl: t_KyberPolynomialRingElement = - { - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - = - Rust_primitives.Hax.repeat 0l 256sz - } +let impl__ZERO: t_KyberPolynomialRingElement = + { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 256) } -let impl: Core.Ops.Index.t_Index t_KyberPolynomialRingElement usize = +let impl_1: Core.Ops.Index.t_Index t_KyberPolynomialRingElement usize = { - output = i32; - index + f_impl_1__Output = i32; + f_impl_1__index = - fun (self: t_KyberPolynomialRingElement) (index: usize) -> - self.Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients.[ index ] + fun (self: t_KyberPolynomialRingElement) (index: usize) -> self.f_coefficients.[ index ] } -let impl: Core.Iter.Traits.Collect.t_IntoIterator t_KyberPolynomialRingElement = +let impl_2: Core.Iter.Traits.Collect.t_IntoIterator t_KyberPolynomialRingElement = { - item = i32; - intoIter = Core.Array.Iter.t_IntoIter i32 256sz; - into_iter + f_impl_2__Item = i32; + f_impl_2__IntoIter = Core.Array.Iter.t_IntoIter i32 (sz 256); + 
f_impl_2__into_iter = fun (self: t_KyberPolynomialRingElement) -> - Core.Iter.Traits.Collect.IntoIterator.into_iter self - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Iter.Traits.Collect.f_into_iter self.f_coefficients } -let impl: Core.Ops.Arith.t_Add t_KyberPolynomialRingElement t_KyberPolynomialRingElement = +let impl_3: Core.Ops.Arith.t_Add t_KyberPolynomialRingElement t_KyberPolynomialRingElement = { - output = t_KyberPolynomialRingElement; - add + f_impl_3__Output = t_KyberPolynomialRingElement; + f_impl_3__add = fun (self: t_KyberPolynomialRingElement) (other: t_KyberPolynomialRingElement) -> - let result:t_KyberPolynomialRingElement = v_ZERO_under_impl in + let result:t_KyberPolynomialRingElement = impl__ZERO in let result:t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end - = - Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT }) <: - _) + _.f_IntoIter) result (fun result i -> { result with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + f_coefficients = - Rust_primitives.Hax.update_at result - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Rust_primitives.Hax.update_at result.f_coefficients i - ((self.Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients.[ i - ] - <: - i32) +. - (other.Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients.[ i - ] - <: - i32) - <: - i32) + ((self.f_coefficients.[ i ] <: i32) +! (other.f_coefficients.[ i ] <: i32) <: i32) <: t_KyberPolynomialRingElement }) 
@@ -101,41 +81,29 @@ let impl: Core.Ops.Arith.t_Add t_KyberPolynomialRingElement t_KyberPolynomialRin result } -let impl: Core.Ops.Arith.t_Sub t_KyberPolynomialRingElement t_KyberPolynomialRingElement = +let impl_4: Core.Ops.Arith.t_Sub t_KyberPolynomialRingElement t_KyberPolynomialRingElement = { - output = t_KyberPolynomialRingElement; - sub + f_impl_4__Output = t_KyberPolynomialRingElement; + f_impl_4__sub = fun (self: t_KyberPolynomialRingElement) (other: t_KyberPolynomialRingElement) -> - let result:t_KyberPolynomialRingElement = v_ZERO_under_impl in + let result:t_KyberPolynomialRingElement = impl__ZERO in let result:t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end - = - Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT }) <: - _) + _.f_IntoIter) result (fun result i -> { result with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + f_coefficients = - Rust_primitives.Hax.update_at result - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Rust_primitives.Hax.update_at result.f_coefficients i - ((self.Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients.[ i - ] - <: - i32) -. - (other.Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients.[ i - ] - <: - i32) - <: - i32) + ((self.f_coefficients.[ i ] <: i32) -! (other.f_coefficients.[ i ] <: i32) <: i32) <: t_KyberPolynomialRingElement }) diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Compress.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Compress.fst index 2d9f94222..7d9e0a7e4 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Compress.fst 
+++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Compress.fst @@ -3,16 +3,15 @@ module Libcrux.Kem.Kyber.Compress open Core let compress - (#coefficient_bits: usize) + (#v_COEFFICIENT_BITS: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Core.Array.map_under_impl_23 re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Array.impl_23__map re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients (fun coefficient -> compress_q (Libcrux.Kem.Kyber.Conversions.to_unsigned_representative coefficient <: u16) <: @@ -28,16 +27,15 @@ let decompress let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Core.Array.map_under_impl_23 re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Array.impl_23__map re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients (fun coefficient -> decompress_q coefficient bits_per_compressed_coefficient <: i32) } in re -let compress_q (#coefficient_bits: usize) (fe: u16) : i32 = +let compress_q (#v_COEFFICIENT_BITS: usize) (fe: u16) : i32 = let _:Prims.unit = if true then 
@@ -51,13 +49,15 @@ let compress_q (#coefficient_bits: usize) (fe: u16) : i32 = in () in - let two_pow_bit_size:u32 = 1ul >>. v_COEFFICIENT_BITS in - let compressed:u32 = cast fe *. (two_pow_bit_size >>. 1l <: u32) in - let compressed:Prims.unit = compressed +. cast Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS in + let two_pow_bit_size:u32 = 1ul <>. 1l <: i32) + compressed +! (cast Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: u32) in - cast (compressed &. (two_pow_bit_size -. 1ul <: u32)) + let compressed:Prims.unit = + compressed /! (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <>. 1l <: u32) +. (1ul >>. to_bit_size <: u32) in - let decompressed:Prims.unit = decompressed <<. (to_bit_size +. 1sz <: usize) in - cast decompressed \ No newline at end of file + let decompressed:u32 = + (cast fe <: u32) *! (cast Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: u32) + in + let decompressed:u32 = (decompressed <>! (to_bit_size +! sz 1 <: usize) in + cast decompressed <: i32 \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst index 5447f07ea..ac36ffd4a 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 
@@ -3,15 +3,15 @@ module Libcrux.Kem.Kyber.Constant_time_ops open Core let is_non_zero (value: u8) : u8 = - let value_negated:i8 = Core.Ops.Arith.Neg.neg (cast value) in - ((value |. cast value_negated <: u8) <<. 7l <: u8) &. 1uy + let value_negated:i8 = Core.Ops.Arith.Neg.neg (cast value <: i8) in + ((value |. (cast value_negated <: u8) <: u8) >>! 7l <: u8) &. 1uy -let compare_ciphertexts_in_constant_time (#ciphertext_size: usize) (lhs rhs: slice u8) : u8 = +let compare_ciphertexts_in_constant_time (#v_CIPHERTEXT_SIZE: usize) (lhs rhs: slice u8) : u8 = let _:Prims.unit = if true then let _:Prims.unit = - match Core.Slice.len_under_impl lhs, Core.Slice.len_under_impl rhs with + match Core.Slice.impl__len lhs, Core.Slice.impl__len rhs with | left_val, right_val -> if ~.(left_val =. right_val <: bool) then @@ -29,7 +29,7 @@ let compare_ciphertexts_in_constant_time (#ciphertext_size: usize) (lhs rhs: sli if true then let _:Prims.unit = - match Core.Slice.len_under_impl lhs, v_CIPHERTEXT_SIZE with + match Core.Slice.impl__len lhs, v_CIPHERTEXT_SIZE with | left_val, right_val -> if ~.(left_val =. right_val <: bool) then 
@@ -45,23 +45,23 @@ let compare_ciphertexts_in_constant_time (#ciphertext_size: usize) (lhs rhs: sli in let (r: u8):u8 = 0uy in let r:Prims.unit = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_CIPHERTEXT_SIZE + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE }) <: - _) + _.f_IntoIter) r (fun r i -> r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: Prims.unit) in is_non_zero r -let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : array u8 32sz = +let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : array u8 (sz 32) = let _:Prims.unit = if true then let _:Prims.unit = - match Core.Slice.len_under_impl lhs, Core.Slice.len_under_impl rhs with + match Core.Slice.impl__len lhs, Core.Slice.impl__len rhs with | left_val, right_val -> if ~.(left_val =. right_val <: bool) then @@ -79,7 +79,7 @@ let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : a if true then let _:Prims.unit = - match Core.Slice.len_under_impl lhs, Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE with + match Core.Slice.impl__len lhs, Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE with | left_val, right_val -> if ~.(left_val =. right_val <: bool) then 
@@ -93,15 +93,15 @@ let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : a in () in - let mask:u8 = Core.Num.wrapping_sub_under_impl_6 (is_non_zero selector <: u8) 1uy in - let out:array u8 32sz = Rust_primitives.Hax.repeat 0uy 32sz in - let out:array u8 32sz = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + let mask:u8 = Core.Num.impl_6__wrapping_sub (is_non_zero selector <: u8) 1uy in + let out:array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:array u8 (sz 32) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) <: - _) + _.f_IntoIter) out (fun out i -> Rust_primitives.Hax.update_at out @@ -113,6 +113,6 @@ let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : a <: Prims.unit) <: - array u8 32sz) + array u8 (sz 32)) in out \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constants.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constants.fst index 481a0eb13..0724bd334 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constants.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constants.fst 
@@ -4,18 +4,18 @@ open Core let v_FIELD_MODULUS: i32 = 3329l -let v_BITS_PER_COEFFICIENT: usize = 12sz +let v_BITS_PER_COEFFICIENT: usize = sz 12 -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = 256sz +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 -let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *. 12sz +let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 -let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /. 8sz +let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! sz 8 -let v_REJECTION_SAMPLING_SEED_SIZE: usize = 168sz *. 5sz +let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 -let v_SHARED_SECRET_SIZE: usize = 32sz +let v_SHARED_SECRET_SIZE: usize = sz 32 -let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = 32sz +let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 let v_H_DIGEST_SIZE: usize = Libcrux.Digest.digest_size Libcrux.Digest.Algorithm_Sha3_256_ \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst index f8df61490..3ec51c19e 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst @@ -2,12 +2,12 @@ module Libcrux.Kem.Kyber.Conversions #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let into_padded_array (#len: usize) (slice: slice u8) : array u8 v_LEN = +let into_padded_array (#v_LEN: usize) (slice: slice u8) : array u8 v_LEN = let _:Prims.unit = if true then let _:Prims.unit = - if ~.((Core.Slice.len_under_impl slice <: usize) <=. v_LEN <: bool) + if ~.((Core.Slice.impl__len slice <: usize) <=. v_LEN <: bool) then Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" 
@@ -19,14 +19,12 @@ let into_padded_array (#len: usize) (slice: slice u8) : array u8 v_LEN = let out:array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in let out:array u8 v_LEN = Rust_primitives.Hax.update_at out - ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = Core.Slice.len_under_impl slice <: usize - }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut out + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize } + ) + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = Core.Slice.len_under_impl slice <: usize + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize }) <: slice u8) 
@@ -36,58 +34,44 @@ let into_padded_array (#len: usize) (slice: slice u8) : array u8 v_LEN = in out -class t_UpdatingArray (v_Self: Type) = { push:self -> slice u8 -> self } +class t_UpdatingArray (#v_Self: Type) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_447510783:t_UpdatingArray v_Self; + f_push:v_Self -> slice u8 -> v_Self +} -type t_UpdatableArray = { +type t_UpdatableArray (#v_LEN: usize) = { f_value:array u8 v_LEN; f_pointer:usize } -let new_under_impl (#len: usize) (value: array u8 v_LEN) : t_UpdatableArray v_LEN = - { - Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_value = value; - Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_pointer = 0sz - } +let impl__new (#v_LEN: usize) (value: array u8 v_LEN) : t_UpdatableArray v_LEN = + { f_value = value; f_pointer = sz 0 } -let array_under_impl (#len: usize) (self: t_UpdatableArray v_LEN) : array u8 v_LEN = - self.Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_value +let impl__array (#v_LEN: usize) (self: t_UpdatableArray v_LEN) : array u8 v_LEN = self.f_value -let impl (#len: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = +let impl_1 (#v_LEN: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = { - push + f_impl_1__push = - fun (#len: usize) (self: t_UpdatableArray v_LEN) (other: slice u8) -> + fun (#v_LEN: usize) (self: t_UpdatableArray v_LEN) (other: slice u8) -> let self:t_UpdatableArray v_LEN = { self with - Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_value + f_value = - Rust_primitives.Hax.update_at (Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_value self - <: - t_UpdatableArray v_LEN) + Rust_primitives.Hax.update_at (f_value self <: t_UpdatableArray v_LEN) ({ - Core.Ops.Range.Range.f_start - = - self.Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_pointer; - Core.Ops.Range.Range.f_end + Core.Ops.Range.f_start = self.f_pointer; + Core.Ops.Range.f_end = - self.Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_pointer +. 
- (Core.Slice.len_under_impl other <: usize) - <: - usize + self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut self - .Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_value + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut self.f_value ({ - Core.Ops.Range.Range.f_start + Core.Ops.Range.f_start = self.f_pointer; + Core.Ops.Range.f_end = - self.Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_pointer; - Core.Ops.Range.Range.f_end - = - self.Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_pointer +. - (Core.Slice.len_under_impl other <: usize) - <: - usize + self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize }) <: slice u8) @@ -97,16 +81,10 @@ let impl (#len: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = } in let self:t_UpdatableArray v_LEN = - { - self with - Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_pointer - = - self.Libcrux.Kem.Kyber.Conversions.UpdatableArray.f_pointer +. - (Core.Slice.len_under_impl other <: usize) - } + { self with f_pointer = self.f_pointer +! (Core.Slice.impl__len other <: usize) } in self } let to_unsigned_representative (fe: i32) : u16 = - cast (fe +. ((fe <<. 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) \ No newline at end of file + cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst index 41e86e482..5aab4f9df 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst 
@@ -2,12 +2,35 @@ module Libcrux.Kem.Kyber.Hash_functions #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let v_G (input: slice u8) : array u8 64sz = Libcrux.Digest.sha3_512_ input +let v_G (input: slice u8) : array u8 (sz 64) = Libcrux.Digest.sha3_512_ input -let v_H (input: slice u8) : array u8 32sz = Libcrux.Digest.sha3_256_ input +let v_H (input: slice u8) : array u8 (sz 32) = Libcrux.Digest.sha3_256_ input -let v_PRF (#len: usize) (input: slice u8) : array u8 v_LEN = Libcrux.Digest.shake256 input +let v_PRF (#v_LEN: usize) (input: slice u8) : array u8 v_LEN = Libcrux.Digest.shake256 input -let v_XOF (#len: usize) (input: slice u8) : array u8 v_LEN = Libcrux.Digest.shake128 input +let v_XOFx4 (#v_LEN #v_K: usize) (input: array (array u8 (sz 34)) v_K) : array (array u8 v_LEN) v_K = + let out:array (array u8 v_LEN) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: array u8 v_LEN) v_K + in + let out:array (array u8 v_LEN) v_K = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + }) + <: + _.f_IntoIter) + out + (fun out i -> + Rust_primitives.Hax.update_at out + i + (Libcrux.Digest.shake128 (Rust_primitives.unsize (input.[ i ] <: array u8 (sz 34)) + <: + slice u8) + <: + array u8 v_LEN) + <: + array (array u8 v_LEN) v_K) + in + out -let v_KDF (#len: usize) (input: slice u8) : array u8 v_LEN = Libcrux.Digest.shake256 input \ No newline at end of file +let v_KDF (#v_LEN: usize) (input: slice u8) : array u8 v_LEN = Libcrux.Digest.shake256 input \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst index 4289469dd..95b6b1abb 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 
@@ -2,120 +2,103 @@ module Libcrux.Kem.Kyber.Ind_cpa #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -type t_PrivateKey = { f_value:array u8 v_SIZE } +type t_PrivateKey (#v_SIZE: usize) = { f_value:array u8 v_SIZE } -let impl (#size: usize) : Core.Convert.t_AsRef (t_PrivateKey v_SIZE) (slice u8) = +let impl (#v_SIZE: usize) : Core.Convert.t_AsRef (t_PrivateKey v_SIZE) (slice u8) = { - as_ref + f_impl__as_ref = - fun (#size: usize) (self: t_PrivateKey v_SIZE) -> - Rust_primitives.unsize self.Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value } -let impl (#size: usize) : Core.Convert.t_From (t_PrivateKey v_SIZE) (array u8 v_SIZE) = - { - from - = - fun (#size: usize) (value: array u8 v_SIZE) -> - { Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value = value } - } +let impl_1 (#v_SIZE: usize) : Core.Convert.t_From (t_PrivateKey v_SIZE) (array u8 v_SIZE) = + { f_impl_1__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } -let impl (#size: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_PrivateKey v_SIZE) = - { - from - = - fun (#size: usize) (value: t_PrivateKey v_SIZE) -> - value.Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value - } +let impl_2 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_PrivateKey v_SIZE) = + { f_impl_2__from = fun (#v_SIZE: usize) (value: t_PrivateKey v_SIZE) -> value.f_value } -let impl (#size: usize) : Core.Convert.t_TryFrom (t_PrivateKey v_SIZE) (slice u8) = +let impl_3 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_PrivateKey v_SIZE) (slice u8) = { - error = Core.Array.t_TryFromSliceError; - try_from + f_impl_3__Error = Core.Array.t_TryFromSliceError; + f_impl_3__try_from = - fun (#size: usize) (value: slice u8) -> + fun (#v_SIZE: usize) (value: slice u8) -> Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist2:array u8 v_SIZE = match - Core.Ops.Try_trait.Try.branch (Core.Convert.TryInto.try_into value + 
Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value <: - Core.Result.t_Result (array u8 v_SIZE) _) + Core.Result.t_Result (array u8 v_SIZE) _.f_Error) with - | Core.Ops.Control_flow.ControlFlow_Break residual -> + | Core.Ops.Control_flow.ControlFlow_Break + { Core.Ops.Control_flow.ControlFlow._0 = residual } -> let* hoist1:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.FromResidual.from_residual - residual + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + <: Core.Result.t_Result (t_PrivateKey v_SIZE) Core.Array.t_TryFromSliceError) in Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist1) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + | Core.Ops.Control_flow.ControlFlow_Continue + { Core.Ops.Control_flow.ControlFlow._0 = v_val } -> Core.Ops.Control_flow.ControlFlow_Continue v_val in Core.Ops.Control_flow.ControlFlow_Continue - (let hoist3:t_PrivateKey v_SIZE = - { Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value = hoist2 } - in + (let hoist3:t_PrivateKey v_SIZE = { f_value = hoist2 } in Core.Result.Result_Ok hoist3)) } -let impl (#size: usize) : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) usize = +let impl_4 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) usize = { - output = u8; - index + f_impl_4__Output = u8; + f_impl_4__index = - fun (#size: usize) (self: t_PrivateKey v_SIZE) (index: usize) -> - self.Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value.[ index ] + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (index: usize) -> self.f_value.[ index ] } -let impl (#size: usize) +let impl_5 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_Range usize) = { - output = slice u8; - index + f_impl_5__Output = slice u8; + f_impl_5__index = - fun (#size: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value.[ range ] + fun 
(#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_6 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = { - output = slice u8; - index + f_impl_6__Output = slice u8; + f_impl_6__index = - fun (#size: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_7 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = { - output = slice u8; - index + f_impl_7__Output = slice u8; + f_impl_7__index = - fun (#size: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> - self.Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> + self.f_value.[ range ] } -let as_slice_under_impl_8 (#size: usize) (self: t_PrivateKey v_SIZE) : array u8 v_SIZE = - self.Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value +let impl_8__as_slice (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) : array u8 v_SIZE = self.f_value -let split_at_under_impl_8 (#size: usize) (self: t_PrivateKey v_SIZE) (mid: usize) +let impl_8__split_at (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (mid: usize) : (slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize self - .Libcrux.Kem.Kyber.Ind_cpa.PrivateKey.f_value - <: - slice u8) - mid + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid -let len_under_impl_8 (#size: usize) (self: t_PrivateKey v_SIZE) : usize = v_SIZE +let impl_8__len (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) : usize = v_SIZE -let sample_matrix_A (#k: usize) (seed: array u8 34sz) (transpose: bool) +let 
sample_matrix_A (#v_K: usize) (seed: array u8 (sz 34)) (transpose: bool) : (array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = let v_A_transpose:array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K <: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) 
@@ -125,38 +108,67 @@ let sample_matrix_A (#k: usize) (seed: array u8 34sz) (transpose: bool) = Core.Option.Option_None in - let v_A_transpose, sampling_A_error, seed:(array + let v_A_transpose, sampling_A_error:(array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError & - array u8 34sz) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) - (v_A_transpose, sampling_A_error, seed) - (fun (v_A_transpose, sampling_A_error, seed) i -> - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + _.f_IntoIter) + (v_A_transpose, sampling_A_error) + (fun (v_A_transpose, sampling_A_error) i -> + let seeds:array (array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in + let seeds:array (array u8 (sz 34)) v_K = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + }) + <: + _.f_IntoIter) + seeds + (fun seeds j -> + let seeds:array (array u8 (sz 34)) v_K = + Rust_primitives.Hax.update_at seeds + j + (Rust_primitives.Hax.update_at (seeds.[ j ] <: array u8 (sz 34)) + (sz 32) + (cast i <: u8) + <: + array u8 (sz 34)) + in + let seeds:array (array u8 (sz 34)) v_K = + Rust_primitives.Hax.update_at seeds + j + (Rust_primitives.Hax.update_at (seeds.[ j ] <: array u8 (sz 34)) + (sz 33) + (cast j <: u8) + <: + array u8 (sz 34)) + in + seeds) + in + let xof_bytes:array (array u8 (sz 840)) v_K = + 
Libcrux.Kem.Kyber.Hash_functions.v_XOFx4 seeds + in + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) - (v_A_transpose, sampling_A_error, seed) - (fun (v_A_transpose, sampling_A_error, seed) j -> - let seed:array u8 34sz = Rust_primitives.Hax.update_at seed 32sz (cast i) in - let seed:array u8 34sz = Rust_primitives.Hax.update_at seed 33sz (cast j) in - let (xof_bytes: array u8 840sz):array u8 840sz = - Libcrux.Kem.Kyber.Hash_functions.v_XOF (Rust_primitives.unsize seed <: slice u8) - in + _.f_IntoIter) + (v_A_transpose, sampling_A_error) + (fun (v_A_transpose, sampling_A_error) j -> let sampled, error:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution xof_bytes + Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution (xof_bytes.[ j ] + <: + array u8 (sz 840)) in let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = - if Core.Option.is_some_under_impl error + if Core.Option.impl__is_some error then let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = @@ -179,7 +191,7 @@ let sample_matrix_A (#k: usize) (seed: array u8 34sz) (transpose: bool) <: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in - v_A_transpose, sampling_A_error, seed + v_A_transpose, sampling_A_error else let v_A_transpose:array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K = 
@@ -193,35 +205,31 @@ let sample_matrix_A (#k: usize) (seed: array u8 34sz) (transpose: bool) <: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in - v_A_transpose, sampling_A_error, seed) - <: - (array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError & - array u8 34sz)) + v_A_transpose, sampling_A_error)) in v_A_transpose, sampling_A_error -let cbd (#k: usize) (prf_input: array u8 33sz) +let cbd (#v_K: usize) (prf_input: array u8 (sz 33)) : (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & u8) = let domain_separator:u8 = 0uy in let re_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in - let domain_separator, prf_input, re_as_ntt:(Prims.unit & array u8 33sz & + let domain_separator, prf_input, re_as_ntt:(Prims.unit & array u8 (sz 33) & array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) + _.f_IntoIter) (domain_separator, prf_input, re_as_ntt) (fun (domain_separator, prf_input, re_as_ntt) i -> - let prf_input:array u8 33sz = - Rust_primitives.Hax.update_at prf_input 32sz domain_separator + let prf_input:array u8 (sz 33) = + Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in - let domain_separator:Prims.unit = domain_separator +. 1uy in - let (prf_output: array u8 128sz):array u8 128sz = + let domain_separator:Prims.unit = domain_separator +! 
1uy in + let (prf_output: array u8 (sz 128)):array u8 (sz 128) = Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) in let r:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = 
@@ -239,38 +247,40 @@ let cbd (#k: usize) (prf_input: array u8 33sz) re_as_ntt, domain_separator let encode_12_ - (#k #out_len: usize) + (#v_K #v_OUT_LEN: usize) (input: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) : array u8 v_OUT_LEN = let out:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Iter.Traits.Collect.IntoIterator.into_iter input <: _) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Iter.Traits.Collect.f_into_iter input <: _.f_IntoIter) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: - _) + _.f_IntoIter) out (fun out (i, re) -> Rust_primitives.Hax.update_at out ({ - Core.Ops.Range.Range.f_start + Core.Ops.Range.f_start = - i *. Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.Range.f_end + i *! Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end = - (i +. 1sz <: usize) *. Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: usize + (i +! sz 1 <: usize) *! Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut out + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out ({ - Core.Ops.Range.Range.f_start + Core.Ops.Range.f_start = - i *. Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.Range.f_end + i *! Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end = - (i +. 1sz <: usize) *. Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT + (i +! sz 1 <: usize) *! Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: usize }) 
@@ -278,7 +288,7 @@ let encode_12_ slice u8) (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.serialize_little_endian re <: - array u8 384sz) + array u8 (sz 384)) <: slice u8) <: 
@@ -289,40 +299,38 @@ let encode_12_ out let generate_keypair - (#k #private_key_size #public_key_size #bytes_per_ring_element: usize) + (#v_K #v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE #v_BYTES_PER_RING_ELEMENT: usize) (key_generation_seed: slice u8) : ((t_PrivateKey v_PRIVATE_KEY_SIZE & Libcrux.Kem.Kyber.t_KyberPublicKey v_PUBLIC_KEY_SIZE) & Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - let (prf_input: array u8 33sz):array u8 33sz = Rust_primitives.Hax.repeat 0uy 33sz in + let (prf_input: array u8 (sz 33)):array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in let secret_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in let error_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in let (domain_separator: u8):u8 = 0uy in - let hashed:array u8 64sz = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in + let hashed:array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in let seed_for_A, seed_for_secret_and_error:(slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize hashed <: slice u8) 32sz + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: slice u8) (sz 32) in let v_A_transpose, sampling_A_error:(array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed_for_A <: array u8 34sz) + sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed_for_A <: array u8 (sz 34)) true in - let prf_input:array u8 33sz = + let 
prf_input:array u8 (sz 33) = Rust_primitives.Hax.update_at prf_input ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = Core.Slice.len_under_impl seed_for_secret_and_error <: usize + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Core.Slice.impl__len seed_for_secret_and_error <: usize }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut prf_input + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut prf_input ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end - = - Core.Slice.len_under_impl seed_for_secret_and_error <: usize + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Core.Slice.impl__len seed_for_secret_and_error <: usize }) <: slice u8) 
@@ -330,21 +338,21 @@ let generate_keypair <: slice u8) in - let domain_separator, prf_input, secret_as_ntt:(Prims.unit & array u8 33sz & + let domain_separator, prf_input, secret_as_ntt:(Prims.unit & array u8 (sz 33) & array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) + _.f_IntoIter) (domain_separator, prf_input, secret_as_ntt) (fun (domain_separator, prf_input, secret_as_ntt) i -> - let prf_input:array u8 33sz = - Rust_primitives.Hax.update_at prf_input 32sz domain_separator + let prf_input:array u8 (sz 33) = + Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in - let domain_separator:Prims.unit = domain_separator +. 1uy in - let (prf_output: array u8 128sz):array u8 128sz = + let domain_separator:Prims.unit = domain_separator +! 1uy in + let (prf_output: array u8 (sz 128)):array u8 (sz 128) = Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) in let secret:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = 
@@ -361,20 +369,20 @@ let generate_keypair in let domain_separator, error_as_ntt, prf_input:(Prims.unit & array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & - array u8 33sz) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + array u8 (sz 33)) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) + _.f_IntoIter) (domain_separator, error_as_ntt, prf_input) (fun (domain_separator, error_as_ntt, prf_input) i -> - let prf_input:array u8 33sz = - Rust_primitives.Hax.update_at prf_input 32sz domain_separator + let prf_input:array u8 (sz 33) = + Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in - let domain_separator:Prims.unit = domain_separator +. 1uy in - let (prf_output: array u8 128sz):array u8 128sz = + let domain_separator:Prims.unit = domain_separator +! 1uy in + let (prf_output: array u8 (sz 128)):array u8 (sz 128) = Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) in let error:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = 
@@ -389,58 +397,56 @@ let generate_keypair in domain_separator, error_as_ntt, prf_input) in - let t__as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let tt_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Libcrux.Kem.Kyber.Ntt.multiply_matrix_by_column v_A_transpose secret_as_ntt in - let t__as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + let tt_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) - t__as_ntt - (fun t__as_ntt i -> - Rust_primitives.Hax.update_at t__as_ntt + _.f_IntoIter) + tt_as_ntt + (fun tt_as_ntt i -> + Rust_primitives.Hax.update_at tt_as_ntt i - ((t__as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +. + ((tt_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! 
(error_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - _) + (Libcrux.Kem.Kyber.Arithmetic.t_impl_3).f_Output) <: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in let public_key_serialized:Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_PUBLIC_KEY_SIZE = - Libcrux.Kem.Kyber.Conversions.new_under_impl (Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE + Libcrux.Kem.Kyber.Conversions.impl__new (Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE <: array u8 v_PUBLIC_KEY_SIZE) in let public_key_serialized:Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_PUBLIC_KEY_SIZE = - Libcrux.Kem.Kyber.Conversions.UpdatingArray.push public_key_serialized - (Rust_primitives.unsize (encode_12_ t__as_ntt <: array u8 v_BYTES_PER_RING_ELEMENT) + Libcrux.Kem.Kyber.Conversions.f_push public_key_serialized + (Rust_primitives.unsize (encode_12_ tt_as_ntt <: array u8 v_BYTES_PER_RING_ELEMENT) <: slice u8) in let public_key_serialized:array u8 v_PUBLIC_KEY_SIZE = - Libcrux.Kem.Kyber.Conversions.array_under_impl (Libcrux.Kem.Kyber.Conversions.UpdatingArray.push - public_key_serialized + Libcrux.Kem.Kyber.Conversions.impl__array (Libcrux.Kem.Kyber.Conversions.f_push public_key_serialized seed_for_A <: Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_PUBLIC_KEY_SIZE) in let secret_key_serialized:array u8 v_PRIVATE_KEY_SIZE = encode_12_ secret_as_ntt in - FStar.Pervasives.Native.Mktuple2 (Core.Convert.Into.into secret_key_serialized) - (Core.Convert.Into.into public_key_serialized), + FStar.Pervasives.Native.Mktuple2 (Core.Convert.f_into secret_key_serialized) + (Core.Convert.f_into public_key_serialized), sampling_A_error let serialize_secret_key - (#serialized_key_len: usize) + (#v_SERIALIZED_KEY_LEN: usize) (private_key public_key implicit_rejection_value: slice u8) : array u8 v_SERIALIZED_KEY_LEN = - Libcrux.Kem.Kyber.Conversions.array_under_impl (Libcrux.Kem.Kyber.Conversions.UpdatingArray.push 
(Libcrux.Kem.Kyber.Conversions.UpdatingArray.push - (Libcrux.Kem.Kyber.Conversions.UpdatingArray.push (Libcrux.Kem.Kyber.Conversions.UpdatingArray.push - (Libcrux.Kem.Kyber.Conversions.new_under_impl (Rust_primitives.Hax.repeat 0uy - v_SERIALIZED_KEY_LEN + Libcrux.Kem.Kyber.Conversions.impl__array (Libcrux.Kem.Kyber.Conversions.f_push (Libcrux.Kem.Kyber.Conversions.f_push + (Libcrux.Kem.Kyber.Conversions.f_push (Libcrux.Kem.Kyber.Conversions.f_push (Libcrux.Kem.Kyber.Conversions.impl__new + (Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN <: array u8 v_SERIALIZED_KEY_LEN) <: @@ -453,7 +459,7 @@ let serialize_secret_key Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_SERIALIZED_KEY_LEN) (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key <: - array u8 32sz) + array u8 (sz 32)) <: slice u8) <: 
@@ -463,34 +469,32 @@ let serialize_secret_key Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_SERIALIZED_KEY_LEN) let compress_then_encode_u - (#k #out_len #compression_factor #block_len: usize) + (#v_K #v_OUT_LEN #v_COMPRESSION_FACTOR #v_BLOCK_LEN: usize) (input: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) : array u8 v_OUT_LEN = let out:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Iter.Traits.Collect.IntoIterator.into_iter input <: _) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Iter.Traits.Collect.f_into_iter input <: _.f_IntoIter) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: - _) + _.f_IntoIter) out (fun out (i, re) -> Rust_primitives.Hax.update_at out ({ - Core.Ops.Range.Range.f_start = i *. (v_OUT_LEN /. v_K <: usize) <: usize; - Core.Ops.Range.Range.f_end - = - (i +. 1sz <: usize) *. (v_OUT_LEN /. v_K <: usize) <: usize + Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; + Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut out + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out ({ - Core.Ops.Range.Range.f_start = i *. (v_OUT_LEN /. v_K <: usize) <: usize; - Core.Ops.Range.Range.f_end + Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; + Core.Ops.Range.f_end = - (i +. 1sz <: usize) *. (v_OUT_LEN /. v_K <: usize) <: usize + (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize }) <: slice u8) 
@@ -510,20 +514,20 @@ let compress_then_encode_u out let encrypt - (#k #ciphertext_size #t__as_ntt_encoded_size #c1_len #c2_len #vector_u_compression_factor #vector_v_compression_factor #block_len: + (#v_K #v_CIPHERTEXT_SIZE #v_T_AS_NTT_ENCODED_SIZE #v_C1_LEN #v_C2_LEN #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR #v_BLOCK_LEN: usize) (public_key: slice u8) - (message: array u8 32sz) + (message: array u8 (sz 32)) (randomness: slice u8) : (Libcrux.Kem.Kyber.t_KyberCiphertext v_CIPHERTEXT_SIZE & Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - let t__as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + let tt_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in - let t__as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (public_key.[ { - Core.Ops.Range.RangeTo.f_end = v_T_AS_NTT_ENCODED_SIZE + let tt_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (public_key.[ { + Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } ] <: slice u8) 
@@ -533,26 +537,24 @@ let encrypt <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - _) - t__as_ntt - (fun t__as_ntt (i, t__as_ntt_bytes) -> - Rust_primitives.Hax.update_at t__as_ntt + _.f_IntoIter) + tt_as_ntt + (fun tt_as_ntt (i, tt_as_ntt_bytes) -> + Rust_primitives.Hax.update_at tt_as_ntt i - (Libcrux.Kem.Kyber.Serialize.deserialize_little_endian t__as_ntt_bytes + (Libcrux.Kem.Kyber.Serialize.deserialize_little_endian tt_as_ntt_bytes <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in - let seed:slice u8 = - public_key.[ { Core.Ops.Range.RangeFrom.f_start = v_T_AS_NTT_ENCODED_SIZE } ] - in + let seed:slice u8 = public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } ] in let v_A_transpose, sampling_A_error:(array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed <: array u8 34sz) false + sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed <: array u8 (sz 34)) false in - let (prf_input: array u8 33sz):array u8 33sz = + let (prf_input: array u8 (sz 33)):array u8 (sz 33) = Libcrux.Kem.Kyber.Conversions.into_padded_array randomness in let r_as_ntt, domain_separator:(array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement 
@@ -561,24 +563,24 @@ let encrypt cbd prf_input in let error_1_:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in let domain_separator, error_1_, prf_input:(Prims.unit & array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & - array u8 33sz) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + array u8 (sz 33)) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) + _.f_IntoIter) (domain_separator, error_1_, prf_input) (fun (domain_separator, error_1_, prf_input) i -> - let prf_input:array u8 33sz = - Rust_primitives.Hax.update_at prf_input 32sz domain_separator + let prf_input:array u8 (sz 33) = + Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in - let domain_separator:Prims.unit = domain_separator +. 1uy in - let (prf_output: array u8 128sz):array u8 128sz = + let domain_separator:Prims.unit = domain_separator +! 1uy in + let (prf_output: array u8 (sz 128)):array u8 (sz 128) = Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) in let error_1_:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = 
@@ -590,8 +592,10 @@ let encrypt in domain_separator, error_1_, prf_input) in - let prf_input:array u8 33sz = Rust_primitives.Hax.update_at prf_input 32sz domain_separator in - let (prf_output: array u8 128sz):array u8 128sz = + let prf_input:array u8 (sz 33) = + Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator + in + let (prf_output: array u8 (sz 128)):array u8 (sz 128) = Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) in let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = @@ -601,12 +605,12 @@ let encrypt Libcrux.Kem.Kyber.Ntt.multiply_matrix_by_column_montgomery v_A_transpose r_as_ntt in let u:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = v_K + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K }) <: - _) + _.f_IntoIter) u (fun u i -> Rust_primitives.Hax.update_at u @@ -615,10 +619,10 @@ let encrypt <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +. + Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! (error_1_.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - _) + (Libcrux.Kem.Kyber.Arithmetic.t_impl_3).f_Output) <: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in 
@@ -629,16 +633,16 @@ let encrypt in let v = ((Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery (Libcrux.Kem.Kyber.Ntt.multiply_row_by_column_montgomery - t__as_ntt + tt_as_ntt r_as_ntt <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +. + Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! error_2_ <: - _) +. - (Libcrux.Kem.Kyber.Compress.decompress message_as_ring_element 1sz + (Libcrux.Kem.Kyber.Arithmetic.t_impl_3).f_Output) +! + (Libcrux.Kem.Kyber.Compress.decompress message_as_ring_element (sz 1) <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in 
@@ -653,41 +657,41 @@ let encrypt in let ciphertext:array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.update_at ciphertext - ({ Core.Ops.Range.RangeFrom.f_start = v_C1_LEN }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut ciphertext - ({ Core.Ops.Range.RangeFrom.f_start = v_C1_LEN }) + ({ Core.Ops.Range.f_start = v_C1_LEN }) + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut ciphertext + ({ Core.Ops.Range.f_start = v_C1_LEN }) <: slice u8) - (Core.Array.as_slice_under_impl_23 c2 <: slice u8) + (Core.Array.impl_23__as_slice c2 <: slice u8) <: slice u8) in - Core.Convert.Into.into ciphertext, sampling_A_error + Core.Convert.f_into ciphertext, sampling_A_error let decrypt - (#k #ciphertext_size #vector_u_encoded_size #vector_u_compression_factor #vector_v_compression_factor: + (#v_K #v_CIPHERTEXT_SIZE #v_VECTOR_U_ENCODED_SIZE #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR: usize) (secret_key: slice u8) (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext v_CIPHERTEXT_SIZE) - : array u8 32sz = + : array u8 (sz 32) = let u_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in let secret_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in let u_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (ciphertext.[ { - Core.Ops.Range.RangeTo.f_end = v_VECTOR_U_ENCODED_SIZE + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter 
(Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (ciphertext.[ { + Core.Ops.Range.f_end = v_VECTOR_U_ENCODED_SIZE } ] <: slice u8) - ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. + ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR <: - usize) /. - 8sz + usize) /! + sz 8 <: usize) <: @@ -695,7 +699,7 @@ let decrypt <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - _) + _.f_IntoIter) u_as_ntt (fun u_as_ntt (i, u_bytes) -> let u:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = @@ -705,7 +709,7 @@ let decrypt Rust_primitives.Hax.update_at u_as_ntt i (Libcrux.Kem.Kyber.Ntt.ntt_representation (Libcrux.Kem.Kyber.Compress.decompress u - 10sz + (sz 10) <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: @@ -715,7 +719,7 @@ let decrypt in let v:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Libcrux.Kem.Kyber.Compress.decompress (Libcrux.Kem.Kyber.Serialize.deserialize_little_endian (ciphertext.[ - { Core.Ops.Range.RangeFrom.f_start = v_VECTOR_U_ENCODED_SIZE } ] + { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } ] <: slice u8) <: @@ -723,15 +727,15 @@ let decrypt v_VECTOR_V_COMPRESSION_FACTOR in let secret_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl secret_key + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact secret_key Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - _) + _.f_IntoIter) secret_as_ntt (fun secret_as_ntt (i, secret_bytes) -> Rust_primitives.Hax.update_at secret_as_ntt 
@@ -743,7 +747,7 @@ let decrypt array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in let message = - v -. + v -! (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery (Libcrux.Kem.Kyber.Ntt.multiply_row_by_column_montgomery secret_as_ntt u_as_ntt diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst index 1aeea5b15..3ab01eee6 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst 
@@ -2,76 +2,76 @@ module Libcrux.Kem.Kyber.Kyber1024 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let v_RANK_1024_: usize = 4sz +let v_RANK_1024_: usize = sz 4 let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = - (v_RANK_1024_ *. Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT <: usize) /. 8sz + (v_RANK_1024_ *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = - ((v_RANK_1024_ *. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *. + ((v_RANK_1024_ *! Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT <: - usize) /. - 8sz + usize) /! + sz 8 -let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = 11sz +let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11 let v_C1_BLOCK_SIZE_1024_: usize = - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_VECTOR_U_COMPRESSION_FACTOR_1024_ + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_1024_ <: - usize) /. - 8sz + usize) /! + sz 8 -let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *. v_RANK_1024_ +let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *! v_RANK_1024_ -let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = 5sz +let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5 let v_C2_SIZE_1024_: usize = - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_VECTOR_V_COMPRESSION_FACTOR_1024_ + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_1024_ <: - usize) /. - 8sz + usize) /! + sz 8 let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = - ((v_RANK_1024_ *. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *. + ((v_RANK_1024_ *! Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT <: - usize) /. - 8sz + usize) /! 
+ sz 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +. 32sz +let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! sz 32 -let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +. v_C2_SIZE_1024_ +let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ let v_SECRET_KEY_SIZE_1024_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_1024_ +. v_CPA_PKE_PUBLIC_KEY_SIZE_1024_ <: usize) +. + ((v_CPA_PKE_SECRET_KEY_SIZE_1024_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_1024_ <: usize) +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE <: - usize) +. + usize) +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE -let t_Kyber1024Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext 1568sz +let t_Kyber1024Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1568) -let t_Kyber1024PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey 3168sz +let t_Kyber1024PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 3168) -let t_Kyber1024PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey 1568sz +let t_Kyber1024PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1568) -let t_Kyber1024SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret 32sz +let t_Kyber1024SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) -let generate_key_pair_1024_ (randomness: array u8 64sz) - : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair 3168sz 1568sz) +let generate_key_pair_1024_ (randomness: array u8 (sz 64)) + : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair (sz 3168) (sz 1568)) Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_1024_ - (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey 1568sz) - (randomness: array u8 32sz) + (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1568)) + (randomness: array u8 (sz 32)) : Core.Result.t_Result - (Libcrux.Kem.Kyber.t_KyberCiphertext 1568sz & Libcrux.Kem.Kyber.t_KyberSharedSecret 32sz) - 
Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = + (Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1568) & Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) + ) Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_1024_ - (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey 3168sz) - (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext 1568sz) - : array u8 32sz = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file + (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 3168)) + (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1568)) + : array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst index d596743cf..dae0e7871 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst 
@@ -2,76 +2,76 @@ module Libcrux.Kem.Kyber.Kyber512 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let v_RANK_512_: usize = 2sz +let v_RANK_512_: usize = sz 2 let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = - (v_RANK_512_ *. Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT <: usize) /. 8sz + (v_RANK_512_ *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 let v_T_AS_NTT_ENCODED_SIZE_512_: usize = - ((v_RANK_512_ *. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *. + ((v_RANK_512_ *! Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT <: - usize) /. - 8sz + usize) /! + sz 8 -let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = 10sz +let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 let v_C1_BLOCK_SIZE_512_: usize = - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_VECTOR_U_COMPRESSION_FACTOR_512_ + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_ <: - usize) /. - 8sz + usize) /! + sz 8 -let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *. v_RANK_512_ +let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_ -let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = 4sz +let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 let v_C2_SIZE_512_: usize = - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_VECTOR_V_COMPRESSION_FACTOR_512_ + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_ <: - usize) /. - 8sz + usize) /! + sz 8 let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = - ((v_RANK_512_ *. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *. + ((v_RANK_512_ *! Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT <: - usize) /. - 8sz + usize) /! + sz 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +. 
32sz +let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32 -let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +. v_C2_SIZE_512_ +let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ let v_SECRET_KEY_SIZE_512_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +. v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +. + ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE <: - usize) +. + usize) +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE -let t_Kyber512Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext 768sz +let t_Kyber512Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext (sz 768) -let t_Kyber512PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey 1632sz +let t_Kyber512PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 1632) -let t_Kyber512PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey 800sz +let t_Kyber512PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey (sz 800) -let t_Kyber512SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret 32sz +let t_Kyber512SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) -let generate_key_pair_512_ (randomness: array u8 64sz) - : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair 1632sz 800sz) +let generate_key_pair_512_ (randomness: array u8 (sz 64)) + : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair (sz 1632) (sz 800)) Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_512_ - (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey 800sz) - (randomness: array u8 32sz) + (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey (sz 800)) + (randomness: array u8 (sz 32)) : Core.Result.t_Result - (Libcrux.Kem.Kyber.t_KyberCiphertext 768sz & Libcrux.Kem.Kyber.t_KyberSharedSecret 32sz) + (Libcrux.Kem.Kyber.t_KyberCiphertext (sz 768) & Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = 
Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_512_ - (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey 1632sz) - (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext 768sz) - : array u8 32sz = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file + (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 1632)) + (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext (sz 768)) + : array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst index 4a0b95e9b..73ad919f3 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst 
@@ -2,76 +2,76 @@ module Libcrux.Kem.Kyber.Kyber768 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let v_RANK_768_: usize = 3sz +let v_RANK_768_: usize = sz 3 let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = - (v_RANK_768_ *. Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT <: usize) /. 8sz + (v_RANK_768_ *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 let v_T_AS_NTT_ENCODED_SIZE_768_: usize = - ((v_RANK_768_ *. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *. + ((v_RANK_768_ *! Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT <: - usize) /. - 8sz + usize) /! + sz 8 -let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = 10sz +let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10 let v_C1_BLOCK_SIZE_768_: usize = - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_VECTOR_U_COMPRESSION_FACTOR_768_ + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_768_ <: - usize) /. - 8sz + usize) /! + sz 8 -let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *. v_RANK_768_ +let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *! v_RANK_768_ -let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = 4sz +let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4 let v_C2_SIZE_768_: usize = - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_VECTOR_V_COMPRESSION_FACTOR_768_ + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_768_ <: - usize) /. - 8sz + usize) /! + sz 8 let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = - ((v_RANK_768_ *. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *. + ((v_RANK_768_ *! Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT <: - usize) /. - 8sz + usize) /! + sz 8 -let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +. 
32sz +let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! sz 32 -let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +. v_C2_SIZE_768_ +let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ let v_SECRET_KEY_SIZE_768_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_768_ +. v_CPA_PKE_PUBLIC_KEY_SIZE_768_ <: usize) +. + ((v_CPA_PKE_SECRET_KEY_SIZE_768_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_768_ <: usize) +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE <: - usize) +. + usize) +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE -let t_Kyber768Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext 1088sz +let t_Kyber768Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1088) -let t_Kyber768PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey 2400sz +let t_Kyber768PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 2400) -let t_Kyber768PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey 1184sz +let t_Kyber768PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1184) -let t_Kyber768SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret 32sz +let t_Kyber768SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) -let generate_key_pair_768_ (randomness: array u8 64sz) - : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair 2400sz 1184sz) +let generate_key_pair_768_ (randomness: array u8 (sz 64)) + : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair (sz 2400) (sz 1184)) Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_768_ - (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey 1184sz) - (randomness: array u8 32sz) + (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1184)) + (randomness: array u8 (sz 32)) : Core.Result.t_Result - (Libcrux.Kem.Kyber.t_KyberCiphertext 1088sz & Libcrux.Kem.Kyber.t_KyberSharedSecret 32sz) - Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = + (Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1088) & Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) + ) 
Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_768_ - (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey 2400sz) - (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext 1088sz) - : array u8 32sz = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file + (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 2400)) + (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1088)) + : array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst index 311e7888b..db121332f 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst 
@@ -2,96 +2,349 @@ module Libcrux.Kem.Kyber.Ntt #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let v_ZETAS_MONTGOMERY_DOMAIN: array i32 128sz = +let v_ZETAS_MONTGOMERY_DOMAIN: array i32 (sz 128) = let list = [ - 1044l; 758l; 359l; 1517l; 1493l; 1422l; 287l; 202l; 171l; 622l; 1577l; 182l; 962l; 1202l; - 1474l; 1468l; 573l; 1325l; 264l; 383l; 829l; 1458l; 1602l; 130l; 681l; 1017l; 732l; 608l; - 1542l; 411l; 205l; 1571l; 1223l; 652l; 552l; 1015l; 1293l; 1491l; 282l; 1544l; 516l; 8l; 320l; - 666l; 1618l; 1162l; 126l; 1469l; 853l; 90l; 271l; 830l; 107l; 1421l; 247l; 951l; 398l; 961l; - 1508l; 725l; 448l; 1065l; 677l; 1275l; 1103l; 430l; 555l; 843l; 1251l; 871l; 1550l; 105l; 422l; - 587l; 177l; 235l; 291l; 460l; 1574l; 1653l; 246l; 778l; 1159l; 147l; 777l; 1483l; 602l; 1119l; - 1590l; 644l; 872l; 349l; 418l; 329l; 156l; 75l; 817l; 1097l; 603l; 610l; 1322l; 1285l; 1465l; - 384l; 1215l; 136l; 1218l; 1335l; 874l; 220l; 1187l; 1659l; 1185l; 1530l; 1278l; 794l; 1510l; - 854l; 870l; 478l; 108l; 308l; 996l; 991l; 958l; 1460l; 1522l; 1628l + (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l; + 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l); + (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l; + (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l; + 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l; + (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l; + 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l; + (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l); + (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l; + (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l); 
+ (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); Rust_primitives.Hax.array_of_list list -let v_NTT_LAYERS: array usize 7sz = - let list = [2sz; 4sz; 8sz; 16sz; 32sz; 64sz; 128sz] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 7); - Rust_primitives.Hax.array_of_list list - let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - let zeta_i:usize = 0sz in + let zeta_i:usize = sz 0 in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.rev - (Core.Slice.iter_under_impl (Rust_primitives.unsize v_NTT_LAYERS <: slice usize) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 128 <: usize + }) + (sz 2 *! sz 128 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i +! sz 1 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! sz 128 <: usize + }) <: - Core.Slice.Iter.t_Iter usize) + _.f_IntoIter) + re + (fun re j -> + let t:i32 = + Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +! sz 128 <: usize ] + <: + i32) *! + (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) + <: + i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! 
sz 128 <: usize) + ((re.[ j ] <: i32) -! t <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +! t <: i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 64 <: usize + }) + (sz 2 *! sz 64 <: usize) <: - Core.Iter.Adapters.Rev.t_Rev (Core.Slice.Iter.t_Iter usize)) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - _) + _.f_IntoIter) (re, zeta_i) - (fun (re, zeta_i) layer -> - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.step_by - ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end - = - Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -. layer <: _ - }) - (2sz *. layer <: _) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) - <: - _) - (re, zeta_i) - (fun (re, zeta_i) offset -> - let zeta_i:Prims.unit = zeta_i +. 1sz in - let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter - ({ - Core.Ops.Range.Range.f_start = offset; - Core.Ops.Range.Range.f_end = offset +. layer <: _ - }) - <: - _) - re - (fun re j -> - let t:i32 = - Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +. layer <: _ ] - <: - i32) *. - (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) - <: - i32) - in - let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Rust_primitives.Hax.update_at re - (j +. layer <: _) - ((re.[ j ] <: i32) -. 
t <: i32) - in - let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +. t <: i32) - in - re) - in - re, zeta_i) - <: - (Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit)) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i +! sz 1 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! sz 64 <: usize + }) + <: + _.f_IntoIter) + re + (fun re j -> + let t:i32 = + Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +! sz 64 <: usize ] + <: + i32) *! + (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) + <: + i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 64 <: usize) + ((re.[ j ] <: i32) -! t <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +! t <: i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 32 <: usize + }) + (sz 2 *! sz 32 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i +! sz 1 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! 
sz 32 <: usize + }) + <: + _.f_IntoIter) + re + (fun re j -> + let t:i32 = + Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +! sz 32 <: usize ] + <: + i32) *! + (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) + <: + i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 32 <: usize) + ((re.[ j ] <: i32) -! t <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +! t <: i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 16 <: usize + }) + (sz 2 *! sz 16 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i +! sz 1 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! sz 16 <: usize + }) + <: + _.f_IntoIter) + re + (fun re j -> + let t:i32 = + Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +! sz 16 <: usize ] + <: + i32) *! + (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) + <: + i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 16 <: usize) + ((re.[ j ] <: i32) -! t <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +! 
t <: i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 8 <: usize + }) + (sz 2 *! sz 8 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i +! sz 1 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! sz 8 <: usize + }) + <: + _.f_IntoIter) + re + (fun re j -> + let t:i32 = + Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +! sz 8 <: usize ] + <: + i32) *! + (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) + <: + i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 8 <: usize) + ((re.[ j ] <: i32) -! t <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +! t <: i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 4 <: usize + }) + (sz 2 *! sz 4 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i +! 
sz 1 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! sz 4 <: usize + }) + <: + _.f_IntoIter) + re + (fun re j -> + let t:i32 = + Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +! sz 4 <: usize ] + <: + i32) *! + (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) + <: + i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 4 <: usize) + ((re.[ j ] <: i32) -! t <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +! t <: i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 2 <: usize + }) + (sz 2 *! sz 2 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i +! sz 1 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! sz 2 <: usize + }) + <: + _.f_IntoIter) + re + (fun re j -> + let t:i32 = + Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((re.[ j +! sz 2 <: usize ] + <: + i32) *! + (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) + <: + i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 2 <: usize) + ((re.[ j ] <: i32) -! 
t <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re j ((re.[ j ] <: i32) +! t <: i32) + in + re) + in + re, zeta_i) in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Core.Array.map_under_impl_23 re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Array.impl_23__map re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients Libcrux.Kem.Kyber.Arithmetic.barrett_reduce } in 
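Review bot: Each of the seven unrolled layer blocks in `ntt_representation` now repeats its layer-length literal (`sz 128`, `sz 64`, … `sz 2`) five times — the outer range end, the step, the inner range end and the two butterfly indices `j +! sz N` — with nothing tying the copies together, so a single mistyped literal in one block would change the transform silently; binding it once per block, e.g. `let layer = sz 128 in`, or a leading comment `(* layer 128: butterflies on (j, j + 128) *)` on each block, would make a mismatch visible. The `v_ZETAS_MONTGOMERY_DOMAIN` table also moves from all-positive to signed entries while its `assert_norm` still pins only the length; a second `assert_norm` stating that every entry lies strictly between -3329 and 3329 (the Kyber modulus) would catch a transcription error in the signed table. The switch from `*.`/`+.`/`-.` to `*!`/`+!`/`-!` looks like a move from wrapping to checked machine-integer arithmetic in the hax primitives, in which case each `(re.[ j +! sz N ] <: i32) *! zeta` product now carries an overflow obligation that depends on a coefficient bound not stated in this hunk; the same operator switch appears in the Kyber512/768/1024 constant hunks and the decrypt hunk above. The body of `ntt_representation` ends outside this hunk.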
@@ -99,131 +352,396 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - let zeta_i:usize = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /. 2sz in + let zeta_i:usize = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter v_NTT_LAYERS - + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 2 <: usize + }) + (sz 2 *! sz 2 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - _) + _.f_IntoIter) (re, zeta_i) - (fun (re, zeta_i) layer -> - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.step_by - ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end - = - Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -. layer <: usize - }) - (2sz *. layer <: usize) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) - <: - _) - (re, zeta_i) - (fun (re, zeta_i) offset -> - let zeta_i:Prims.unit = zeta_i -. 1sz in - let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter - ({ - Core.Ops.Range.Range.f_start = offset; - Core.Ops.Range.Range.f_end = offset +. layer <: usize - }) - <: - _) - re - (fun re j -> - let a_minus_b:i32 = - (re.[ j +. layer <: usize ] <: i32) -. 
(re.[ j ] <: i32) - in - let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Rust_primitives.Hax.update_at re - j - ((re.[ j ] <: i32) +. (re.[ j +. layer <: usize ] <: i32) <: i32) - in - let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Rust_primitives.Hax.update_at re - (j +. layer <: usize) - (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *. - (v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] <: i32) - <: - i32) - <: - i32) - in - re) - in - re, zeta_i) - <: - (Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit)) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i -! sz 1 in + let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in + let v_end:usize = offset +! sz 2 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = v_end + }) + <: + _.f_IntoIter) + re + (fun re j -> + let a_minus_b:i32 = (re.[ j +! sz 2 <: usize ] <: i32) -! (re.[ j ] <: i32) in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + j + ((re.[ j ] <: i32) +! (re.[ j +! sz 2 <: usize ] <: i32) <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 2 <: usize) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! zeta_i_value + <: + i32) + <: + i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 4 <: usize + }) + (sz 2 *! 
sz 4 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i -! sz 1 in + let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in + let v_end:usize = offset +! sz 4 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = v_end + }) + <: + _.f_IntoIter) + re + (fun re j -> + let a_minus_b:i32 = (re.[ j +! sz 4 <: usize ] <: i32) -! (re.[ j ] <: i32) in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + j + ((re.[ j ] <: i32) +! (re.[ j +! sz 4 <: usize ] <: i32) <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 4 <: usize) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! zeta_i_value + <: + i32) + <: + i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 8 <: usize + }) + (sz 2 *! sz 8 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i -! sz 1 in + let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in + let v_end:usize = offset +! 
sz 8 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = v_end + }) + <: + _.f_IntoIter) + re + (fun re j -> + let a_minus_b:i32 = (re.[ j +! sz 8 <: usize ] <: i32) -! (re.[ j ] <: i32) in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + j + ((re.[ j ] <: i32) +! (re.[ j +! sz 8 <: usize ] <: i32) <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 8 <: usize) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! zeta_i_value + <: + i32) + <: + i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 16 <: usize + }) + (sz 2 *! sz 16 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i -! sz 1 in + let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in + let v_end:usize = offset +! sz 16 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = v_end + }) + <: + _.f_IntoIter) + re + (fun re j -> + let a_minus_b:i32 = (re.[ j +! sz 16 <: usize ] <: i32) -! (re.[ j ] <: i32) in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + j + ((re.[ j ] <: i32) +! (re.[ j +! 
sz 16 <: usize ] <: i32) <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 16 <: usize) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! zeta_i_value + <: + i32) + <: + i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 32 <: usize + }) + (sz 2 *! sz 32 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i -! sz 1 in + let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in + let v_end:usize = offset +! sz 32 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = v_end + }) + <: + _.f_IntoIter) + re + (fun re j -> + let a_minus_b:i32 = (re.[ j +! sz 32 <: usize ] <: i32) -! (re.[ j ] <: i32) in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + j + ((re.[ j ] <: i32) +! (re.[ j +! sz 32 <: usize ] <: i32) <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 32 <: usize) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! 
zeta_i_value + <: + i32) + <: + i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 64 <: usize + }) + (sz 2 *! sz 64 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i -! sz 1 in + let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in + let v_end:usize = offset +! sz 64 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = v_end + }) + <: + _.f_IntoIter) + re + (fun re j -> + let a_minus_b:i32 = (re.[ j +! sz 64 <: usize ] <: i32) -! (re.[ j ] <: i32) in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + j + ((re.[ j ] <: i32) +! (re.[ j +! sz 64 <: usize ] <: i32) <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 64 <: usize) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! zeta_i_value + <: + i32) + <: + i32) + in + re) + in + re, zeta_i) + in + let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT -! sz 128 <: usize + }) + (sz 2 *! 
sz 128 <: usize) + <: + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) + <: + _.f_IntoIter) + (re, zeta_i) + (fun (re, zeta_i) offset -> + let zeta_i:Prims.unit = zeta_i -! sz 1 in + let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in + let v_end:usize = offset +! sz 128 in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = v_end + }) + <: + _.f_IntoIter) + re + (fun re j -> + let a_minus_b:i32 = (re.[ j +! sz 128 <: usize ] <: i32) -! (re.[ j ] <: i32) in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + j + ((re.[ j ] <: i32) +! (re.[ j +! sz 128 <: usize ] <: i32) <: i32) + in + let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Rust_primitives.Hax.update_at re + (j +! sz 128 <: usize) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! zeta_i_value + <: + i32) + <: + i32) + in + re) + in + re, zeta_i) in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Core.Array.map_under_impl_23 (Core.Array.map_under_impl_23 re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - (fun coefficient -> - Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (coefficient *. 1441l <: i32) <: i32) - <: - array i32 256sz) - Libcrux.Kem.Kyber.Arithmetic.barrett_reduce + Core.Array.impl_23__map re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (fun coefficient -> + Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce + (coefficient *! 
1441l <: i32) + <: + i32) + <: + i32) } in re let ntt_multiply_binomials (a0, a1: (i32 & i32)) (b0, b1: (i32 & i32)) (zeta: i32) : (i32 & i32) = - (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a0 *. b0 <: i32) <: i32) +. - (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *. + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a0 *! b0 <: i32) <: i32) +! + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *! b1 <: i32) <: - i32) *. + i32) *! zeta <: i32) <: i32), - (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a0 *. b1 <: i32) <: i32) +. - (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *. b0 <: i32) <: i32) + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a0 *! b1 <: i32) <: i32) +! + (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *! b0 <: i32) <: i32) let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.step_by + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end - = - Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT }) - 4sz + (sz 4) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - _) + _.f_IntoIter) out (fun out i -> let product:(i32 & i32) = - ntt_multiply_binomials ((left.[ i ] <: i32), (left.[ i +. 
1sz <: usize ] <: i32)) - ((right.[ i ] <: i32), (right.[ i +. 1sz <: usize ] <: i32)) - (v_ZETAS_MONTGOMERY_DOMAIN.[ 64sz +. (i /. 4sz <: usize) <: usize ] <: i32) + ntt_multiply_binomials ((left.[ i ] <: i32), (left.[ i +! sz 1 <: usize ] <: i32)) + ((right.[ i ] <: i32), (right.[ i +! sz 1 <: usize ] <: i32)) + (v_ZETAS_MONTGOMERY_DOMAIN.[ sz 64 +! (i /! sz 4 <: usize) <: usize ] <: i32) in let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Rust_primitives.Hax.update_at out i product._1 in let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Rust_primitives.Hax.update_at out (i +. 1sz <: usize) product._2 + Rust_primitives.Hax.update_at out (i +! sz 1 <: usize) product._2 in let product:(i32 & i32) = - ntt_multiply_binomials ((left.[ i +. 2sz <: usize ] <: i32), - (left.[ i +. 3sz <: usize ] <: i32)) - ((right.[ i +. 2sz <: usize ] <: i32), (right.[ i +. 3sz <: usize ] <: i32)) - (Core.Ops.Arith.Neg.neg (v_ZETAS_MONTGOMERY_DOMAIN.[ 64sz +. (i /. 4sz <: usize) + ntt_multiply_binomials ((left.[ i +! sz 2 <: usize ] <: i32), + (left.[ i +! sz 3 <: usize ] <: i32)) + ((right.[ i +! sz 2 <: usize ] <: i32), (right.[ i +! sz 3 <: usize ] <: i32)) + (Core.Ops.Arith.Neg.neg (v_ZETAS_MONTGOMERY_DOMAIN.[ sz 64 +! (i /! sz 4 <: usize) <: usize ] <: 
@@ -232,72 +750,72 @@ let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRing i32) in let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Rust_primitives.Hax.update_at out (i +. 2sz <: usize) product._1 + Rust_primitives.Hax.update_at out (i +! sz 2 <: usize) product._1 in let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Rust_primitives.Hax.update_at out (i +. 3sz <: usize) product._2 + Rust_primitives.Hax.update_at out (i +! sz 3 <: usize) product._2 in out) in out let multiply_row_by_column_montgomery - (#k: usize) + (#v_K: usize) (row_vector column_vector: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let result:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let result = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.zip - (Core.Slice.iter_under_impl (Rust_primitives.unsize row_vector + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_zip + (Core.Slice.impl__iter (Rust_primitives.unsize row_vector <: slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - (Core.Slice.iter_under_impl (Rust_primitives.unsize column_vector + (Core.Slice.impl__iter (Rust_primitives.unsize column_vector <: slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Iter.Adapters.Zip.t_Zip - (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) _) + (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) + _.f_IntoIter) <: - _) + _.f_IntoIter) result 
(fun result (row_element, column_element) -> - result +. + result +! (ntt_multiply row_element column_element <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - _) + (Libcrux.Kem.Kyber.Arithmetic.t_impl_3).f_Output) in let result:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { result with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Core.Array.map_under_impl_23 result - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Array.impl_23__map result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients Libcrux.Kem.Kyber.Arithmetic.barrett_reduce } in result let multiply_matrix_by_column_montgomery - (#k: usize) + (#v_K: usize) (matrix: array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K) (vector: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) : array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.iter_under_impl (Rust_primitives.unsize matrix + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter (Rust_primitives.unsize matrix <: slice (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: 
@@ -308,13 +826,12 @@ let multiply_matrix_by_column_montgomery (Core.Slice.Iter.t_Iter (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) <: - _) + _.f_IntoIter) result (fun result (i, row) -> let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter - (Core.Iter.Traits.Iterator.Iterator.enumerate (Core.Slice.iter_under_impl (Rust_primitives.unsize - row + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter (Rust_primitives.unsize row <: slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: @@ -325,7 +842,7 @@ let multiply_matrix_by_column_montgomery (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) <: - _) + _.f_IntoIter) result (fun result (j, matrix_element) -> let product:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = @@ -335,10 +852,10 @@ let multiply_matrix_by_column_montgomery let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at result i - ((result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +. + ((result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! product <: - _) + (Libcrux.Kem.Kyber.Arithmetic.t_impl_3).f_Output) in result) in 
@@ -347,15 +864,15 @@ let multiply_matrix_by_column_montgomery i ({ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Core.Array.map_under_impl_23 (result.[ i ] + Core.Array.impl_23__map (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients Libcrux.Kem.Kyber.Arithmetic.barrett_reduce <: - array i32 256sz + array i32 (sz 256) }) in result) @@ -363,16 +880,16 @@ let multiply_matrix_by_column_montgomery result let multiply_matrix_by_column - (#k: usize) + (#v_K: usize) (matrix: array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K) (vector: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) : array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl v_K + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K in let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.iter_under_impl (Rust_primitives.unsize matrix + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter (Rust_primitives.unsize matrix <: slice (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: 
@@ -383,13 +900,12 @@ let multiply_matrix_by_column (Core.Slice.Iter.t_Iter (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) <: - _) + _.f_IntoIter) result (fun result (i, row) -> let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter - (Core.Iter.Traits.Iterator.Iterator.enumerate (Core.Slice.iter_under_impl (Rust_primitives.unsize - row + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter (Rust_primitives.unsize row <: slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: @@ -400,7 +916,7 @@ let multiply_matrix_by_column (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) <: - _) + _.f_IntoIter) result (fun result (j, matrix_element) -> let product:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = @@ -410,10 +926,10 @@ let multiply_matrix_by_column let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at result i - ((result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +. + ((result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! product <: - _) + (Libcrux.Kem.Kyber.Arithmetic.t_impl_3).f_Output) in result) in 
@@ -422,19 +938,19 @@ let multiply_matrix_by_column i ({ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Core.Array.map_under_impl_23 (result.[ i ] + Core.Array.impl_23__map (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (fun coefficient -> let coefficient_montgomery:i32 = Libcrux.Kem.Kyber.Arithmetic.to_montgomery_domain coefficient in Libcrux.Kem.Kyber.Arithmetic.barrett_reduce coefficient_montgomery) <: - array i32 256sz + array i32 (sz 256) }) in result) diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst index 7fb7f287d..bf142b93c 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst 
@@ -2,52 +2,52 @@ module Libcrux.Kem.Kyber.Sampling #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let sample_from_uniform_distribution (randomness: array u8 840sz) +let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: array u8 v_SEED_SIZE) : (Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - let (sampled_coefficients: usize):usize = 0sz in + let (sampled_coefficients: usize):usize = sz 0 in let (out: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Slice.chunks_under_impl + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks (Rust_primitives.unsize randomness <: slice u8) - 3sz + (sz 3) <: Core.Slice.Iter.t_Chunks u8) <: - _) + _.f_IntoIter) (out, sampled_coefficients) (fun (out, sampled_coefficients) bytes -> - let b1:i32 = cast bytes.[ 0sz ] in - let b2:i32 = cast bytes.[ 1sz ] in - let b3:i32 = cast bytes.[ 2sz ] in - let d1:i32 = ((b2 &. 15l <: i32) >>. 8l <: i32) |. b1 in - let d2:i32 = (b3 >>. 4l <: i32) |. (b2 <<. 4l <: i32) in + let b1:i32 = cast bytes.[ sz 0 ] <: i32 in + let b2:i32 = cast bytes.[ sz 1 ] <: i32 in + let b3:i32 = cast bytes.[ sz 2 ] <: i32 in + let d1:i32 = ((b2 &. 15l <: i32) <>! 4l <: i32) in let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = if - Prims.op_AmpAmp (d1 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) - (sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT) + d1 <. 
Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && + sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Rust_primitives.Hax.update_at out sampled_coefficients d1 in - out, sampled_coefficients +. 1sz + out, sampled_coefficients +! sz 1 else out, sampled_coefficients in let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & Prims.unit) = if - Prims.op_AmpAmp (d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) - (sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT) + d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && + sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Rust_primitives.Hax.update_at out sampled_coefficients d2 in - let sampled_coefficients:Prims.unit = sampled_coefficients +. 1sz in + let sampled_coefficients:Prims.unit = sampled_coefficients +! sz 1 in out, sampled_coefficients else out, sampled_coefficients in 
@@ -61,57 +61,56 @@ let sample_from_uniform_distribution (randomness: array u8 840sz) in out, Core.Option.Option_Some Libcrux.Kem.Kyber.BadRejectionSamplingRandomnessError -let sample_from_binomial_distribution_2_ (randomness: array u8 128sz) +let sample_from_binomial_distribution_2_ (randomness: array u8 (sz 128)) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let sampled:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (Rust_primitives.unsize randomness <: slice u8) - 4sz + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize randomness <: slice u8) (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - _) + _.f_IntoIter) sampled (fun sampled (chunk_number, byte_chunk) -> let (random_bits_as_u32: u32):u32 = - ((cast (byte_chunk.[ 0sz ] <: u8) |. (cast (byte_chunk.[ 1sz ] <: u8) >>. 8l <: u32) + (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. + ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>. 16l <: u32) + ((cast (byte_chunk.[ sz 2 ] <: u8) <: u32) <>. 24l <: u32) + ((cast (byte_chunk.[ sz 3 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in + let coin_toss_outcomes:u32 = even_bits +! 
odd_bits in + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ Core.Ops.Range.f_start = 0ul; Core.Ops.Range.f_end = Core.Num.impl_8__BITS }) + (sz 4) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) <: - _) + _.f_IntoIter) sampled (fun sampled outcome_set -> - let outcome_1_:i32 = cast ((coin_toss_outcomes <<. outcome_set <: u32) &. 3ul) in + let outcome_1_:i32 = + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul) <: i32 + in let outcome_2_:i32 = - cast ((coin_toss_outcomes <<. (outcome_set +. 2ul <: u32) <: u32) &. 3ul) + cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul) <: i32 in - let offset:usize = cast (outcome_set <<. 2l) in + let offset:usize = cast (outcome_set >>! 2l) <: usize in let sampled:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Rust_primitives.Hax.update_at sampled - ((8sz *. chunk_number <: usize) +. offset <: usize) - (outcome_1_ -. outcome_2_ <: i32) + ((sz 8 *! chunk_number <: usize) +! offset <: usize) + (outcome_1_ -! outcome_2_ <: i32) in sampled)) in diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst index 48628aa54..b8498c01e 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst @@ -3,7 +3,7 @@ module Libcrux.Kem.Kyber.Serialize open Core let serialize_little_endian - (#compression_factor #out_len: usize) + (#v_COMPRESSION_FACTOR #v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : array u8 v_OUT_LEN = let _:Prims.unit = 
@@ -11,17 +11,17 @@ let serialize_little_endian then let _:Prims.unit = if - ~.(((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_COMPRESSION_FACTOR + ~.(((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: - usize) /. - 8sz + usize) /! + sz 8 <: usize) =. v_OUT_LEN <: bool) then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.new_v1_under_impl_2 (Rust_primitives.unsize + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize (let list = [""; " != "] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list list) @@ -29,18 +29,16 @@ let serialize_little_endian slice string) (Rust_primitives.unsize (let list = [ - Core.Fmt.Rt.new_display_under_impl_1 ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. + Core.Fmt.Rt.impl_1__new_display ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: - usize) /. - 8sz + usize) /! + sz 8 <: usize) <: Core.Fmt.Rt.t_Argument; - Core.Fmt.Rt.new_display_under_impl_1 v_OUT_LEN - <: - Core.Fmt.Rt.t_Argument + Core.Fmt.Rt.impl_1__new_display v_OUT_LEN <: Core.Fmt.Rt.t_Argument ] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); 
@@ -54,15 +52,15 @@ let serialize_little_endian in () in - match v_COMPRESSION_FACTOR with - | 1sz -> serialize_little_endian_1_ re - | 4sz -> serialize_little_endian_4_ re - | 5sz -> serialize_little_endian_5_ re - | 10sz -> serialize_little_endian_10_ re - | 11sz -> serialize_little_endian_11_ re - | 12sz -> serialize_little_endian_12_ re + match cast v_COMPRESSION_FACTOR <: u32 with + | 1ul -> serialize_little_endian_1_ re + | 4ul -> serialize_little_endian_4_ re + | 5ul -> serialize_little_endian_5_ re + | 10ul -> serialize_little_endian_10_ re + | 11ul -> serialize_little_endian_11_ re + | 12ul -> serialize_little_endian_12_ re | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.new_v1_under_impl_2 (Rust_primitives.unsize + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize (let list = ["internal error: entered unreachable code: factor "] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) @@ -70,7 +68,7 @@ let serialize_little_endian slice string) (Rust_primitives.unsize (let list = [ - Core.Fmt.Rt.new_display_under_impl_1 v_COMPRESSION_FACTOR + Core.Fmt.Rt.impl_1__new_display v_COMPRESSION_FACTOR <: Core.Fmt.Rt.t_Argument ] 
@@ -84,18 +82,18 @@ let serialize_little_endian <: Rust_primitives.Hax.t_Never) -let deserialize_little_endian (#compression_factor: usize) (serialized: slice u8) +let deserialize_little_endian (#v_COMPRESSION_FACTOR: usize) (serialized: slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let _:Prims.unit = if true then let _:Prims.unit = match - Core.Slice.len_under_impl serialized, - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. v_COMPRESSION_FACTOR + Core.Slice.impl__len serialized, + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: - usize) /. - 8sz + usize) /! + sz 8 with | left_val, right_val -> if ~.(left_val =. right_val <: bool) @@ -110,15 +108,15 @@ let deserialize_little_endian (#compression_factor: usize) (serialized: slice u8 in () in - match v_COMPRESSION_FACTOR with - | 1sz -> deserialize_little_endian_1_ serialized - | 4sz -> deserialize_little_endian_4_ serialized - | 5sz -> deserialize_little_endian_5_ serialized - | 10sz -> deserialize_little_endian_10_ serialized - | 11sz -> deserialize_little_endian_11_ serialized - | 12sz -> deserialize_little_endian_12_ serialized + match cast v_COMPRESSION_FACTOR <: u32 with + | 1ul -> deserialize_little_endian_1_ serialized + | 4ul -> deserialize_little_endian_4_ serialized + | 5ul -> deserialize_little_endian_5_ serialized + | 10ul -> deserialize_little_endian_10_ serialized + | 11ul -> deserialize_little_endian_11_ serialized + | 12ul -> deserialize_little_endian_12_ serialized | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.new_v1_under_impl_2 (Rust_primitives.unsize + Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize (let list = ["internal error: entered unreachable code: factor "] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) 
@@ -126,7 +124,7 @@ let deserialize_little_endian (#compression_factor: usize) (serialized: slice u8 slice string) (Rust_primitives.unsize (let list = [ - Core.Fmt.Rt.new_display_under_impl_1 v_COMPRESSION_FACTOR + Core.Fmt.Rt.impl_1__new_display v_COMPRESSION_FACTOR <: Core.Fmt.Rt.t_Argument ] 
@@ -141,36 +139,36 @@ let deserialize_little_endian (#compression_factor: usize) (serialized: slice u8 Rust_primitives.Hax.t_Never) let serialize_little_endian_1_ - (#out_len: usize) + (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : array u8 v_OUT_LEN = let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: slice i32) - 8sz + (sz 8) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - _) + _.f_IntoIter) serialized (fun serialized (i, chunk) -> - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.iter_under_impl chunk <: Core.Slice.Iter.t_Iter i32) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter chunk <: Core.Slice.Iter.t_Iter i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) <: - _) + _.f_IntoIter) serialized (fun serialized (j, coefficient) -> Rust_primitives.Hax.update_at serialized i - ((serialized.[ i ] <: u8) |. (cast coefficient >>. j <: u8) <: Prims.unit) + ((serialized.[ i ] <: u8) |. ((cast coefficient <: u8) < if ~.(left_val =. right_val <: bool) 
@@ -202,33 +200,32 @@ let deserialize_little_endian_1_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.iter_under_impl serialized <: Core.Slice.Iter.t_Iter u8) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) <: - _) + _.f_IntoIter) re (fun re (i, byte) -> - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter ({ - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = 8sz + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 }) <: - _) + _.f_IntoIter) re (fun re j -> { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - ((8sz *. i <: usize) +. j <: usize) - (cast ((byte <<. j <: _) &. 1uy <: u8)) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! j <: usize) + (cast ((byte >>! j <: (Core.Ops.Bit.t_impl_780).f_Output) &. 1uy <: u8) <: i32) <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement }) 
@@ -238,31 +235,31 @@ let deserialize_little_endian_1_ (serialized: slice u8) re let serialize_little_endian_4_ - (#out_len: usize) + (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : array u8 v_OUT_LEN = let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: slice i32) - 2sz + (sz 2) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - _) + _.f_IntoIter) serialized (fun serialized (i, chunk) -> - let coefficient1:u8 = cast chunk.[ 0sz ] in - let coefficient2:u8 = cast chunk.[ 1sz ] in + let coefficient1:u8 = cast chunk.[ sz 0 ] <: u8 in + let coefficient2:u8 = cast chunk.[ sz 1 ] <: u8 in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized i - ((coefficient2 >>. 4l <: u8) |. coefficient1 <: u8) + ((coefficient2 < if ~.(left_val =. right_val <: bool) 
@@ -292,37 +289,35 @@ let deserialize_little_endian_4_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.iter_under_impl serialized <: Core.Slice.Iter.t_Iter u8) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) <: - _) + _.f_IntoIter) re (fun re (i, byte) -> let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - (2sz *. i <: usize) - (cast (byte &. 15uy <: _)) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 2 *! i <: usize) + (cast (byte &. 15uy <: (Core.Ops.Bit.t_impl_46).f_Output) <: i32) } in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - ((2sz *. i <: usize) +. 1sz <: usize) - (cast ((byte <<. 4l <: _) &. 15uy <: u8)) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 2 *! i <: usize) +! sz 1 <: usize) + (cast ((byte >>! 4l <: (Core.Ops.Bit.t_impl_792).f_Output) &. 15uy <: u8) <: i32) } in re) 
@@ -330,31 +325,31 @@ let deserialize_little_endian_4_ (serialized: slice u8) re let serialize_little_endian_5_ - (#out_len: usize) + (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : array u8 v_OUT_LEN = let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: slice i32) - 2sz + (sz 2) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - _) + _.f_IntoIter) serialized (fun serialized (i, chunk) -> - let coefficient1:u8 = cast chunk.[ 0sz ] in - let coefficient2:u8 = cast chunk.[ 1sz ] in + let coefficient1:u8 = cast chunk.[ sz 0 ] <: u8 in + let coefficient2:u8 = cast chunk.[ sz 1 ] <: u8 in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized i - ((coefficient2 >>. 4l <: u8) |. coefficient1 <: u8) + ((coefficient2 < if ~.(left_val =. right_val <: bool) 
@@ -384,37 +379,35 @@ let deserialize_little_endian_5_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.iter_under_impl serialized <: Core.Slice.Iter.t_Iter u8) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) <: - _) + _.f_IntoIter) re (fun re (i, byte) -> let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - (2sz *. i <: usize) - (cast (byte &. 15uy <: _)) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 2 *! i <: usize) + (cast (byte &. 15uy <: (Core.Ops.Bit.t_impl_46).f_Output) <: i32) } in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - ((2sz *. i <: usize) +. 1sz <: usize) - (cast ((byte <<. 4l <: _) &. 15uy <: u8)) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 2 *! i <: usize) +! sz 1 <: usize) + (cast ((byte >>! 4l <: (Core.Ops.Bit.t_impl_792).f_Output) &. 15uy <: u8) <: i32) } in re) 
@@ -422,62 +415,62 @@ let deserialize_little_endian_5_ (serialized: slice u8) re let serialize_little_endian_10_ - (#out_len: usize) + (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : array u8 v_OUT_LEN = let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: slice i32) - 4sz + (sz 4) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - _) + _.f_IntoIter) serialized (fun serialized (i, chunk) -> - let coefficient1:i32 = chunk.[ 0sz ] in - let coefficient2:i32 = chunk.[ 1sz ] in - let coefficient3:i32 = chunk.[ 2sz ] in - let coefficient4:i32 = chunk.[ 3sz ] in + let coefficient1:i32 = chunk.[ sz 0 ] in + let coefficient2:i32 = chunk.[ sz 1 ] in + let coefficient3:i32 = chunk.[ sz 2 ] in + let coefficient4:i32 = chunk.[ sz 3 ] in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - (5sz *. i <: usize) - (cast (coefficient1 &. 255l <: i32)) + (sz 5 *! i <: usize) + (cast (coefficient1 &. 255l <: i32) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 1sz <: usize) - ((cast (coefficient2 &. 63l <: i32) >>. 2l <: u8) |. - cast ((coefficient1 <<. 8l <: i32) &. 3l <: i32) + ((sz 5 *! i <: usize) +! sz 1 <: usize) + (((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 
3l <: i32) <: u8) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 2sz <: usize) - ((cast (coefficient3 &. 15l <: i32) >>. 4l <: u8) |. - cast ((coefficient2 <<. 6l <: i32) &. 15l <: i32) + ((sz 5 *! i <: usize) +! sz 2 <: usize) + (((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 3sz <: usize) - ((cast (coefficient4 &. 3l <: i32) >>. 6l <: u8) |. - cast ((coefficient3 <<. 4l <: i32) &. 63l <: i32) + ((sz 5 *! i <: usize) +! sz 3 <: usize) + (((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 4sz <: usize) - (cast ((coefficient4 <<. 2l <: i32) &. 255l <: i32)) + ((sz 5 *! i <: usize) +! sz 4 <: usize) + (cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8) in serialized) in @@ -490,8 +483,8 @@ let deserialize_little_endian_10_ (serialized: slice u8) then let _:Prims.unit = match - Core.Slice.len_under_impl serialized, - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. 10sz <: usize) /. 8sz + Core.Slice.impl__len serialized, + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10 <: usize) /! sz 8 with | left_val, right_val -> if ~.(left_val =. right_val <: bool) 
@@ -507,64 +500,60 @@ let deserialize_little_endian_10_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_under_impl serialized 5sz <: Core.Slice.Iter.t_Chunks u8) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - _) + _.f_IntoIter) re (fun re (i, bytes) -> - let byte1:i32 = cast bytes.[ 0sz ] in - let byte2:i32 = cast bytes.[ 1sz ] in - let byte3:i32 = cast bytes.[ 2sz ] in - let byte4:i32 = cast bytes.[ 3sz ] in - let byte5:i32 = cast bytes.[ 4sz ] in + let byte1:i32 = cast bytes.[ sz 0 ] <: i32 in + let byte2:i32 = cast bytes.[ sz 1 ] <: i32 in + let byte3:i32 = cast bytes.[ sz 2 ] <: i32 in + let byte4:i32 = cast bytes.[ sz 3 ] <: i32 in + let byte5:i32 = cast bytes.[ sz 4 ] <: i32 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - (4sz *. i <: usize) - (((byte2 &. 3l <: i32) >>. 8l <: i32) |. (byte1 &. 255l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 4 *! i <: usize) + (((byte2 &. 3l <: i32) <>. 6l <: i32) |. (byte2 <<. 
2l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 1 <: usize) + (((byte3 &. 15l <: i32) <>! 2l <: i32) <: i32) } in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - ((4sz *. i <: usize) +. 2sz <: usize) - (((byte4 &. 63l <: i32) >>. 4l <: i32) |. (byte3 <<. 4l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 2 <: usize) + (((byte4 &. 63l <: i32) <>! 4l <: i32) <: i32) } in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - ((4sz *. i <: usize) +. 3sz <: usize) - ((byte5 >>. 2l <: i32) |. (byte4 <<. 6l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 3 <: usize) + ((byte5 <>! 6l <: i32) <: i32) } in re) 
@@ -572,62 +561,62 @@ let deserialize_little_endian_10_ (serialized: slice u8) re let serialize_little_endian_11_ - (#out_len: usize) + (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : array u8 v_OUT_LEN = let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: slice i32) - 4sz + (sz 4) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - _) + _.f_IntoIter) serialized (fun serialized (i, chunk) -> - let coefficient1:i32 = chunk.[ 0sz ] in - let coefficient2:i32 = chunk.[ 1sz ] in - let coefficient3:i32 = chunk.[ 2sz ] in - let coefficient4:i32 = chunk.[ 3sz ] in + let coefficient1:i32 = chunk.[ sz 0 ] in + let coefficient2:i32 = chunk.[ sz 1 ] in + let coefficient3:i32 = chunk.[ sz 2 ] in + let coefficient4:i32 = chunk.[ sz 3 ] in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - (5sz *. i <: usize) - (cast (coefficient1 &. 255l <: i32)) + (sz 5 *! i <: usize) + (cast (coefficient1 &. 255l <: i32) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 1sz <: usize) - ((cast (coefficient2 &. 63l <: i32) >>. 2l <: u8) |. - cast ((coefficient1 <<. 8l <: i32) &. 3l <: i32) + ((sz 5 *! i <: usize) +! sz 1 <: usize) + (((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 
3l <: i32) <: u8) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 2sz <: usize) - ((cast (coefficient3 &. 15l <: i32) >>. 4l <: u8) |. - cast ((coefficient2 <<. 6l <: i32) &. 15l <: i32) + ((sz 5 *! i <: usize) +! sz 2 <: usize) + (((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 3sz <: usize) - ((cast (coefficient4 &. 3l <: i32) >>. 6l <: u8) |. - cast ((coefficient3 <<. 4l <: i32) &. 63l <: i32) + ((sz 5 *! i <: usize) +! sz 3 <: usize) + (((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((5sz *. i <: usize) +. 4sz <: usize) - (cast ((coefficient4 <<. 2l <: i32) &. 255l <: i32)) + ((sz 5 *! i <: usize) +! sz 4 <: usize) + (cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8) in serialized) in @@ -640,8 +629,8 @@ let deserialize_little_endian_11_ (serialized: slice u8) then let _:Prims.unit = match - Core.Slice.len_under_impl serialized, - (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *. 11sz <: usize) /. 8sz + Core.Slice.impl__len serialized, + (Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11 <: usize) /! sz 8 with | left_val, right_val -> if ~.(left_val =. right_val <: bool) 
@@ -657,64 +646,60 @@ let deserialize_little_endian_11_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_under_impl serialized 5sz <: Core.Slice.Iter.t_Chunks u8) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks serialized (sz 5) <: Core.Slice.Iter.t_Chunks u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Chunks u8)) <: - _) + _.f_IntoIter) re (fun re (i, bytes) -> - let byte1:i32 = cast bytes.[ 0sz ] in - let byte2:i32 = cast bytes.[ 1sz ] in - let byte3:i32 = cast bytes.[ 2sz ] in - let byte4:i32 = cast bytes.[ 3sz ] in - let byte5:i32 = cast bytes.[ 4sz ] in + let byte1:i32 = cast bytes.[ sz 0 ] <: i32 in + let byte2:i32 = cast bytes.[ sz 1 ] <: i32 in + let byte3:i32 = cast bytes.[ sz 2 ] <: i32 in + let byte4:i32 = cast bytes.[ sz 3 ] <: i32 in + let byte5:i32 = cast bytes.[ sz 4 ] <: i32 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - (4sz *. i <: usize) - (((byte2 &. 3l <: i32) >>. 8l <: i32) |. (byte1 &. 255l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 4 *! i <: usize) + (((byte2 &. 3l <: i32) <>. 6l <: i32) |. (byte2 <<. 2l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! 
sz 1 <: usize) + (((byte3 &. 15l <: i32) <>! 2l <: i32) <: i32) } in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - ((4sz *. i <: usize) +. 2sz <: usize) - (((byte4 &. 63l <: i32) >>. 4l <: i32) |. (byte3 <<. 4l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 2 <: usize) + (((byte4 &. 63l <: i32) <>! 4l <: i32) <: i32) } in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - ((4sz *. i <: usize) +. 3sz <: usize) - ((byte5 >>. 2l <: i32) |. (byte4 <<. 6l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 3 <: usize) + ((byte5 <>! 6l <: i32) <: i32) } in re) 
@@ -722,47 +707,49 @@ let deserialize_little_endian_11_ (serialized: slice u8) re let serialize_little_endian_12_ - (#out_len: usize) + (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) : array u8 v_OUT_LEN = let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: slice i32) - 2sz + (sz 2) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - _) + _.f_IntoIter) serialized (fun serialized (i, chunks) -> let coefficient1:u16 = - Libcrux.Kem.Kyber.Conversions.to_unsigned_representative (chunks.[ 0sz ] <: i32) + Libcrux.Kem.Kyber.Conversions.to_unsigned_representative (chunks.[ sz 0 ] <: i32) in let coefficient2:u16 = - Libcrux.Kem.Kyber.Conversions.to_unsigned_representative (chunks.[ 1sz ] <: i32) + Libcrux.Kem.Kyber.Conversions.to_unsigned_representative (chunks.[ sz 1 ] <: i32) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - (3sz *. i <: usize) - (cast (coefficient1 &. 255us <: u16)) + (sz 3 *! i <: usize) + (cast (coefficient1 &. 255us <: u16) <: u8) in let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized - ((3sz *. i <: usize) +. 1sz <: usize) - (cast ((coefficient1 <<. 8l <: u16) |. ((coefficient2 &. 15us <: u16) >>. 4l <: u16) + ((sz 3 *! i <: usize) +! sz 1 <: usize) + (cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 
4l <: u16) &. 255us <: u16) <: u8) in serialized) in @@ -775,7 +762,7 @@ let deserialize_little_endian_12_ (serialized: slice u8) then let _:Prims.unit = match - Core.Slice.len_under_impl serialized, Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT + Core.Slice.impl__len serialized, Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT with | left_val, right_val -> if ~.(left_val =. right_val <: bool) 
@@ -791,41 +778,38 @@ let deserialize_little_endian_12_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.v_ZERO_under_impl + Libcrux.Kem.Kyber.Arithmetic.impl__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.IntoIterator.into_iter (Core.Iter.Traits.Iterator.Iterator.enumerate - (Core.Slice.chunks_exact_under_impl serialized 3sz <: Core.Slice.Iter.t_ChunksExact u8 - ) + Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - _) + _.f_IntoIter) re (fun re (i, bytes) -> - let byte1:i32 = cast bytes.[ 0sz ] in - let byte2:i32 = cast bytes.[ 1sz ] in - let byte3:i32 = cast bytes.[ 2sz ] in + let byte1:i32 = cast bytes.[ sz 0 ] <: i32 in + let byte2:i32 = cast bytes.[ sz 1 ] <: i32 in + let byte3:i32 = cast bytes.[ sz 2 ] <: i32 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with - Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients + Libcrux.Kem.Kyber.Arithmetic.f_coefficients = - Rust_primitives.Hax.update_at re - .Libcrux.Kem.Kyber.Arithmetic.KyberPolynomialRingElement.f_coefficients - (2sz *. i <: usize) - (((byte2 &. 15l <: i32) >>. 8l <: i32) |. (byte1 &. 255l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 2 *! i <: usize) + (((byte2 &. 15l <: i32) <>. 4l <: i32) |. ((byte2 <<. 4l <: i32) &. 15l <: i32) <: i32) + Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 2 *! i <: usize) +! sz 1 <: usize) + ((byte3 <>! 4l <: i32) &. 15l <: i32) <: i32) } in re) 
diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst index 55b1ee9cd..f1b4d90aa 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst 
@@ -2,43 +2,39 @@ module Libcrux.Kem.Kyber.Types #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let new_under_impl - (#private_key_size #public_key_size: usize) +let impl__new + (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) (sk: array u8 v_PRIVATE_KEY_SIZE) (pk: array u8 v_PUBLIC_KEY_SIZE) : Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = { - Libcrux.Kem.Kyber.KyberKeyPair.f_sk = Core.Convert.Into.into sk; - Libcrux.Kem.Kyber.KyberKeyPair.f_pk = Core.Convert.Into.into pk + Libcrux.Kem.Kyber.f_sk = Core.Convert.f_into sk; + Libcrux.Kem.Kyber.f_pk = Core.Convert.f_into pk } -let from_under_impl - (#private_key_size #public_key_size: usize) +let impl__from + (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) (sk: Libcrux.Kem.Kyber.t_KyberPrivateKey v_PRIVATE_KEY_SIZE) (pk: Libcrux.Kem.Kyber.t_KyberPublicKey v_PUBLIC_KEY_SIZE) : Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = - { Libcrux.Kem.Kyber.KyberKeyPair.f_sk = sk; Libcrux.Kem.Kyber.KyberKeyPair.f_pk = pk } + { Libcrux.Kem.Kyber.f_sk = sk; Libcrux.Kem.Kyber.f_pk = pk } -let public_key_under_impl - (#private_key_size #public_key_size: usize) +let impl__public_key + (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : Libcrux.Kem.Kyber.t_KyberPublicKey v_PUBLIC_KEY_SIZE = - self.Libcrux.Kem.Kyber.KyberKeyPair.f_pk + : Libcrux.Kem.Kyber.t_KyberPublicKey v_PUBLIC_KEY_SIZE = self.Libcrux.Kem.Kyber.f_pk -let private_key_under_impl - (#private_key_size #public_key_size: usize) +let impl__private_key + (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : Libcrux.Kem.Kyber.t_KyberPrivateKey v_PRIVATE_KEY_SIZE = - self.Libcrux.Kem.Kyber.KyberKeyPair.f_sk + : Libcrux.Kem.Kyber.t_KyberPrivateKey v_PRIVATE_KEY_SIZE = self.Libcrux.Kem.Kyber.f_sk -let pk_under_impl - (#private_key_size #public_key_size: usize) +let 
impl__pk + (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : array u8 v_PUBLIC_KEY_SIZE = - Libcrux.Kem.Kyber.as_slice_under_impl_35 self.Libcrux.Kem.Kyber.KyberKeyPair.f_pk + : array u8 v_PUBLIC_KEY_SIZE = Libcrux.Kem.Kyber.impl_35__as_slice self.Libcrux.Kem.Kyber.f_pk -let sk_under_impl - (#private_key_size #public_key_size: usize) +let impl__sk + (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : array u8 v_PRIVATE_KEY_SIZE = - Libcrux.Kem.Kyber.as_slice_under_impl_26 self.Libcrux.Kem.Kyber.KyberKeyPair.f_sk \ No newline at end of file + : array u8 v_PRIVATE_KEY_SIZE = Libcrux.Kem.Kyber.impl_26__as_slice self.Libcrux.Kem.Kyber.f_sk \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst index d17829946..5b1c746e0 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst 
@@ -2,444 +2,396 @@ module Libcrux.Kem.Kyber #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -type t_KyberCiphertext = { f_value:array u8 v_SIZE } +type t_KyberCiphertext (#v_SIZE: usize) = { f_value:array u8 v_SIZE } -let impl (#size: usize) : Core.Convert.t_AsRef (t_KyberCiphertext v_SIZE) (slice u8) = +let impl (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberCiphertext v_SIZE) (slice u8) = { - as_ref + f_impl__as_ref = - fun (#size: usize) (self: t_KyberCiphertext v_SIZE) -> - Rust_primitives.unsize self.Libcrux.Kem.Kyber.KyberCiphertext.f_value + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value } -let impl (#size: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (array u8 v_SIZE) = - { - from - = - fun (#size: usize) (value: array u8 v_SIZE) -> - { Libcrux.Kem.Kyber.KyberCiphertext.f_value = value } - } +let impl_1 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (array u8 v_SIZE) = + { f_impl_1__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } -let impl (#size: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberCiphertext v_SIZE) = - { - from - = - fun (#size: usize) (value: t_KyberCiphertext v_SIZE) -> - value.Libcrux.Kem.Kyber.KyberCiphertext.f_value - } +let impl_2 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberCiphertext v_SIZE) = + { f_impl_2__from = fun (#v_SIZE: usize) (value: t_KyberCiphertext v_SIZE) -> value.f_value } -let impl (#size: usize) : Core.Convert.t_TryFrom (t_KyberCiphertext v_SIZE) (slice u8) = +let impl_3 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberCiphertext v_SIZE) (slice u8) = { - error = Core.Array.t_TryFromSliceError; - try_from + f_impl_3__Error = Core.Array.t_TryFromSliceError; + f_impl_3__try_from = - fun (#size: usize) (value: slice u8) -> + fun (#v_SIZE: usize) (value: slice u8) -> Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist6:array u8 v_SIZE = match - 
Core.Ops.Try_trait.Try.branch (Core.Convert.TryInto.try_into value + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value <: - Core.Result.t_Result (array u8 v_SIZE) _) + Core.Result.t_Result (array u8 v_SIZE) _.f_Error) with - | Core.Ops.Control_flow.ControlFlow_Break residual -> + | Core.Ops.Control_flow.ControlFlow_Break + { Core.Ops.Control_flow.ControlFlow._0 = residual } -> let* hoist5:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.FromResidual.from_residual - residual + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + <: Core.Result.t_Result (t_KyberCiphertext v_SIZE) Core.Array.t_TryFromSliceError) in Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist5) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + | Core.Ops.Control_flow.ControlFlow_Continue + { Core.Ops.Control_flow.ControlFlow._0 = v_val } -> Core.Ops.Control_flow.ControlFlow_Continue v_val in Core.Ops.Control_flow.ControlFlow_Continue - (let hoist7:t_KyberCiphertext v_SIZE = - { Libcrux.Kem.Kyber.KyberCiphertext.f_value = hoist6 } - in + (let hoist7:t_KyberCiphertext v_SIZE = { f_value = hoist6 } in Core.Result.Result_Ok hoist7)) } -let impl (#size: usize) : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) usize = +let impl_4 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) usize = { - output = u8; - index + f_impl_4__Output = u8; + f_impl_4__index = - fun (#size: usize) (self: t_KyberCiphertext v_SIZE) (index: usize) -> - self.Libcrux.Kem.Kyber.KyberCiphertext.f_value.[ index ] + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (index: usize) -> self.f_value.[ index ] } -let impl (#size: usize) +let impl_5 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_Range usize) = { - output = slice u8; - index + f_impl_5__Output = slice u8; + f_impl_5__index = - fun (#size: usize) (self: t_KyberCiphertext v_SIZE) 
(range: Core.Ops.Range.t_Range usize) -> - self.Libcrux.Kem.Kyber.KyberCiphertext.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_6 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_RangeTo usize) = { - output = slice u8; - index + f_impl_6__Output = slice u8; + f_impl_6__index = - fun (#size: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.Libcrux.Kem.Kyber.KyberCiphertext.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_7 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = { - output = slice u8; - index + f_impl_7__Output = slice u8; + f_impl_7__index = - fun (#size: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> - self.Libcrux.Kem.Kyber.KyberCiphertext.f_value.[ range ] + fun + (#v_SIZE: usize) + (self: t_KyberCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.f_value.[ range ] } -let as_slice_under_impl_8 (#size: usize) (self: t_KyberCiphertext v_SIZE) : array u8 v_SIZE = - self.Libcrux.Kem.Kyber.KyberCiphertext.f_value +let impl_8__as_slice (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : array u8 v_SIZE = + self.f_value -let split_at_under_impl_8 (#size: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) +let impl_8__split_at (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) : (slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize self - .Libcrux.Kem.Kyber.KyberCiphertext.f_value - <: - slice u8) - mid + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid -let len_under_impl_8 (#size: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE 
+let impl_8__len (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE -type t_KyberSharedSecret = { f_value:array u8 v_SIZE } +type t_KyberSharedSecret (#v_SIZE: usize) = { f_value:array u8 v_SIZE } -let impl (#size: usize) : Core.Convert.t_AsRef (t_KyberSharedSecret v_SIZE) (slice u8) = +let impl_9 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberSharedSecret v_SIZE) (slice u8) = { - as_ref + f_impl_9__as_ref = - fun (#size: usize) (self: t_KyberSharedSecret v_SIZE) -> - Rust_primitives.unsize self.Libcrux.Kem.Kyber.KyberSharedSecret.f_value + fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) -> Rust_primitives.unsize self.f_value } -let impl (#size: usize) : Core.Convert.t_From (t_KyberSharedSecret v_SIZE) (array u8 v_SIZE) = - { - from - = - fun (#size: usize) (value: array u8 v_SIZE) -> - { Libcrux.Kem.Kyber.KyberSharedSecret.f_value = value } - } +let impl_10 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberSharedSecret v_SIZE) (array u8 v_SIZE) = + { f_impl_10__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } -let impl (#size: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberSharedSecret v_SIZE) = - { - from - = - fun (#size: usize) (value: t_KyberSharedSecret v_SIZE) -> - value.Libcrux.Kem.Kyber.KyberSharedSecret.f_value - } +let impl_11 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberSharedSecret v_SIZE) = + { f_impl_11__from = fun (#v_SIZE: usize) (value: t_KyberSharedSecret v_SIZE) -> value.f_value } -let impl (#size: usize) : Core.Convert.t_TryFrom (t_KyberSharedSecret v_SIZE) (slice u8) = +let impl_12 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberSharedSecret v_SIZE) (slice u8) = { - error = Core.Array.t_TryFromSliceError; - try_from + f_impl_12__Error = Core.Array.t_TryFromSliceError; + f_impl_12__try_from = - fun (#size: usize) (value: slice u8) -> + fun (#v_SIZE: usize) (value: slice u8) -> Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist9:array u8 v_SIZE = 
match - Core.Ops.Try_trait.Try.branch (Core.Convert.TryInto.try_into value + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value <: - Core.Result.t_Result (array u8 v_SIZE) _) + Core.Result.t_Result (array u8 v_SIZE) _.f_Error) with - | Core.Ops.Control_flow.ControlFlow_Break residual -> + | Core.Ops.Control_flow.ControlFlow_Break + { Core.Ops.Control_flow.ControlFlow._0 = residual } -> let* hoist8:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.FromResidual.from_residual - residual + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + <: Core.Result.t_Result (t_KyberSharedSecret v_SIZE) Core.Array.t_TryFromSliceError ) in Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist8) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + | Core.Ops.Control_flow.ControlFlow_Continue + { Core.Ops.Control_flow.ControlFlow._0 = v_val } -> Core.Ops.Control_flow.ControlFlow_Continue v_val in Core.Ops.Control_flow.ControlFlow_Continue - (let hoist10:t_KyberSharedSecret v_SIZE = - { Libcrux.Kem.Kyber.KyberSharedSecret.f_value = hoist9 } - in + (let hoist10:t_KyberSharedSecret v_SIZE = { f_value = hoist9 } in Core.Result.Result_Ok hoist10)) } -let impl (#size: usize) : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) usize = +let impl_13 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) usize = { - output = u8; - index + f_impl_13__Output = u8; + f_impl_13__index = - fun (#size: usize) (self: t_KyberSharedSecret v_SIZE) (index: usize) -> - self.Libcrux.Kem.Kyber.KyberSharedSecret.f_value.[ index ] + fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (index: usize) -> self.f_value.[ index ] } -let impl (#size: usize) +let impl_14 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_Range usize) = { - output = slice u8; - index + f_impl_14__Output = slice u8; + f_impl_14__index = - fun (#size: 
usize) (self: t_KyberSharedSecret v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.Libcrux.Kem.Kyber.KyberSharedSecret.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_15 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_RangeTo usize) = { - output = slice u8; - index + f_impl_15__Output = slice u8; + f_impl_15__index = - fun (#size: usize) (self: t_KyberSharedSecret v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.Libcrux.Kem.Kyber.KyberSharedSecret.f_value.[ range ] + fun + (#v_SIZE: usize) + (self: t_KyberSharedSecret v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_16 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = { - output = slice u8; - index + f_impl_16__Output = slice u8; + f_impl_16__index = fun - (#size: usize) + (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> - self.Libcrux.Kem.Kyber.KyberSharedSecret.f_value.[ range ] + self.f_value.[ range ] } -let as_slice_under_impl_17 (#size: usize) (self: t_KyberSharedSecret v_SIZE) : array u8 v_SIZE = - self.Libcrux.Kem.Kyber.KyberSharedSecret.f_value +let impl_17__as_slice (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) : array u8 v_SIZE = + self.f_value -let split_at_under_impl_17 (#size: usize) (self: t_KyberSharedSecret v_SIZE) (mid: usize) +let impl_17__split_at (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (mid: usize) : (slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize self - .Libcrux.Kem.Kyber.KyberSharedSecret.f_value - <: - slice u8) - mid + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid -let len_under_impl_17 (#size: usize) (self: t_KyberSharedSecret v_SIZE) : usize = v_SIZE 
+let impl_17__len (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) : usize = v_SIZE -type t_KyberPrivateKey = { f_value:array u8 v_SIZE } +type t_KyberPrivateKey (#v_SIZE: usize) = { f_value:array u8 v_SIZE } -let impl (#size: usize) : Core.Convert.t_AsRef (t_KyberPrivateKey v_SIZE) (slice u8) = +let impl_18 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPrivateKey v_SIZE) (slice u8) = { - as_ref + f_impl_18__as_ref = - fun (#size: usize) (self: t_KyberPrivateKey v_SIZE) -> - Rust_primitives.unsize self.Libcrux.Kem.Kyber.KyberPrivateKey.f_value + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value } -let impl (#size: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (array u8 v_SIZE) = - { - from - = - fun (#size: usize) (value: array u8 v_SIZE) -> - { Libcrux.Kem.Kyber.KyberPrivateKey.f_value = value } - } +let impl_19 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (array u8 v_SIZE) = + { f_impl_19__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } -let impl (#size: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberPrivateKey v_SIZE) = - { - from - = - fun (#size: usize) (value: t_KyberPrivateKey v_SIZE) -> - value.Libcrux.Kem.Kyber.KyberPrivateKey.f_value - } +let impl_20 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberPrivateKey v_SIZE) = + { f_impl_20__from = fun (#v_SIZE: usize) (value: t_KyberPrivateKey v_SIZE) -> value.f_value } -let impl (#size: usize) : Core.Convert.t_TryFrom (t_KyberPrivateKey v_SIZE) (slice u8) = +let impl_21 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPrivateKey v_SIZE) (slice u8) = { - error = Core.Array.t_TryFromSliceError; - try_from + f_impl_21__Error = Core.Array.t_TryFromSliceError; + f_impl_21__try_from = - fun (#size: usize) (value: slice u8) -> + fun (#v_SIZE: usize) (value: slice u8) -> Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist12:array u8 v_SIZE = match - 
Core.Ops.Try_trait.Try.branch (Core.Convert.TryInto.try_into value + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value <: - Core.Result.t_Result (array u8 v_SIZE) _) + Core.Result.t_Result (array u8 v_SIZE) _.f_Error) with - | Core.Ops.Control_flow.ControlFlow_Break residual -> + | Core.Ops.Control_flow.ControlFlow_Break + { Core.Ops.Control_flow.ControlFlow._0 = residual } -> let* hoist11:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.FromResidual.from_residual - residual + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + <: Core.Result.t_Result (t_KyberPrivateKey v_SIZE) Core.Array.t_TryFromSliceError) in Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist11) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + | Core.Ops.Control_flow.ControlFlow_Continue + { Core.Ops.Control_flow.ControlFlow._0 = v_val } -> Core.Ops.Control_flow.ControlFlow_Continue v_val in Core.Ops.Control_flow.ControlFlow_Continue - (let hoist13:t_KyberPrivateKey v_SIZE = - { Libcrux.Kem.Kyber.KyberPrivateKey.f_value = hoist12 } - in + (let hoist13:t_KyberPrivateKey v_SIZE = { f_value = hoist12 } in Core.Result.Result_Ok hoist13)) } -let impl (#size: usize) : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) usize = +let impl_22 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) usize = { - output = u8; - index + f_impl_22__Output = u8; + f_impl_22__index = - fun (#size: usize) (self: t_KyberPrivateKey v_SIZE) (index: usize) -> - self.Libcrux.Kem.Kyber.KyberPrivateKey.f_value.[ index ] + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (index: usize) -> self.f_value.[ index ] } -let impl (#size: usize) +let impl_23 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_Range usize) = { - output = slice u8; - index + f_impl_23__Output = slice u8; + f_impl_23__index = - fun (#size: usize) (self: 
t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.Libcrux.Kem.Kyber.KyberPrivateKey.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_24 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = { - output = slice u8; - index + f_impl_24__Output = slice u8; + f_impl_24__index = - fun (#size: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.Libcrux.Kem.Kyber.KyberPrivateKey.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_25 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = { - output = slice u8; - index + f_impl_25__Output = slice u8; + f_impl_25__index = - fun (#size: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> - self.Libcrux.Kem.Kyber.KyberPrivateKey.f_value.[ range ] + fun + (#v_SIZE: usize) + (self: t_KyberPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.f_value.[ range ] } -let as_slice_under_impl_26 (#size: usize) (self: t_KyberPrivateKey v_SIZE) : array u8 v_SIZE = - self.Libcrux.Kem.Kyber.KyberPrivateKey.f_value +let impl_26__as_slice (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : array u8 v_SIZE = + self.f_value -let split_at_under_impl_26 (#size: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) +let impl_26__split_at (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) : (slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize self - .Libcrux.Kem.Kyber.KyberPrivateKey.f_value - <: - slice u8) - mid + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid -let len_under_impl_26 (#size: usize) (self: 
t_KyberPrivateKey v_SIZE) : usize = v_SIZE +let impl_26__len (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE -type t_KyberPublicKey = { f_value:array u8 v_SIZE } +type t_KyberPublicKey (#v_SIZE: usize) = { f_value:array u8 v_SIZE } -let impl (#size: usize) : Core.Convert.t_AsRef (t_KyberPublicKey v_SIZE) (slice u8) = +let impl_27 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPublicKey v_SIZE) (slice u8) = { - as_ref + f_impl_27__as_ref = - fun (#size: usize) (self: t_KyberPublicKey v_SIZE) -> - Rust_primitives.unsize self.Libcrux.Kem.Kyber.KyberPublicKey.f_value + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value } -let impl (#size: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (array u8 v_SIZE) = - { - from - = - fun (#size: usize) (value: array u8 v_SIZE) -> - { Libcrux.Kem.Kyber.KyberPublicKey.f_value = value } - } +let impl_28 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (array u8 v_SIZE) = + { f_impl_28__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } -let impl (#size: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberPublicKey v_SIZE) = - { - from - = - fun (#size: usize) (value: t_KyberPublicKey v_SIZE) -> - value.Libcrux.Kem.Kyber.KyberPublicKey.f_value - } +let impl_29 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberPublicKey v_SIZE) = + { f_impl_29__from = fun (#v_SIZE: usize) (value: t_KyberPublicKey v_SIZE) -> value.f_value } -let impl (#size: usize) : Core.Convert.t_TryFrom (t_KyberPublicKey v_SIZE) (slice u8) = +let impl_30 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPublicKey v_SIZE) (slice u8) = { - error = Core.Array.t_TryFromSliceError; - try_from + f_impl_30__Error = Core.Array.t_TryFromSliceError; + f_impl_30__try_from = - fun (#size: usize) (value: slice u8) -> + fun (#v_SIZE: usize) (value: slice u8) -> Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist15:array u8 v_SIZE = match - 
Core.Ops.Try_trait.Try.branch (Core.Convert.TryInto.try_into value + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value <: - Core.Result.t_Result (array u8 v_SIZE) _) + Core.Result.t_Result (array u8 v_SIZE) _.f_Error) with - | Core.Ops.Control_flow.ControlFlow_Break residual -> + | Core.Ops.Control_flow.ControlFlow_Break + { Core.Ops.Control_flow.ControlFlow._0 = residual } -> let* hoist14:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.FromResidual.from_residual - residual + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + <: Core.Result.t_Result (t_KyberPublicKey v_SIZE) Core.Array.t_TryFromSliceError) in Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist14) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + | Core.Ops.Control_flow.ControlFlow_Continue + { Core.Ops.Control_flow.ControlFlow._0 = v_val } -> Core.Ops.Control_flow.ControlFlow_Continue v_val in Core.Ops.Control_flow.ControlFlow_Continue - (let hoist16:t_KyberPublicKey v_SIZE = - { Libcrux.Kem.Kyber.KyberPublicKey.f_value = hoist15 } - in + (let hoist16:t_KyberPublicKey v_SIZE = { f_value = hoist15 } in Core.Result.Result_Ok hoist16)) } -let impl (#size: usize) : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) usize = +let impl_31 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) usize = { - output = u8; - index + f_impl_31__Output = u8; + f_impl_31__index = - fun (#size: usize) (self: t_KyberPublicKey v_SIZE) (index: usize) -> - self.Libcrux.Kem.Kyber.KyberPublicKey.f_value.[ index ] + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (index: usize) -> self.f_value.[ index ] } -let impl (#size: usize) +let impl_32 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_Range usize) = { - output = slice u8; - index + f_impl_32__Output = slice u8; + f_impl_32__index = - fun (#size: usize) (self: t_KyberPublicKey v_SIZE) 
(range: Core.Ops.Range.t_Range usize) -> - self.Libcrux.Kem.Kyber.KyberPublicKey.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_33 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = { - output = slice u8; - index + f_impl_33__Output = slice u8; + f_impl_33__index = - fun (#size: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.Libcrux.Kem.Kyber.KyberPublicKey.f_value.[ range ] + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> + self.f_value.[ range ] } -let impl (#size: usize) +let impl_34 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = { - output = slice u8; - index + f_impl_34__Output = slice u8; + f_impl_34__index = - fun (#size: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> - self.Libcrux.Kem.Kyber.KyberPublicKey.f_value.[ range ] + fun + (#v_SIZE: usize) + (self: t_KyberPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.f_value.[ range ] } -let as_slice_under_impl_35 (#size: usize) (self: t_KyberPublicKey v_SIZE) : array u8 v_SIZE = - self.Libcrux.Kem.Kyber.KyberPublicKey.f_value +let impl_35__as_slice (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : array u8 v_SIZE = + self.f_value -let split_at_under_impl_35 (#size: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) +let impl_35__split_at (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) : (slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize self - .Libcrux.Kem.Kyber.KyberPublicKey.f_value - <: - slice u8) - mid + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid -let len_under_impl_35 (#size: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE +let 
impl_35__len (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE -type t_KyberKeyPair = { +type t_KyberKeyPair (#v_PRIVATE_KEY_SIZE: usize) (#v_PUBLIC_KEY_SIZE: usize) = { f_sk:t_KyberPrivateKey v_PRIVATE_KEY_SIZE; f_pk:t_KyberPublicKey v_PUBLIC_KEY_SIZE } @@ -448,25 +400,24 @@ type t_BadRejectionSamplingRandomnessError = | BadRejectionSamplingRandomnessError : t_BadRejectionSamplingRandomnessError let v_KEY_GENERATION_SEED_SIZE: usize = - Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +. + Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE let generate_keypair - (#k #cpa_private_key_size #private_key_size #public_key_size #bytes_per_ring_element: usize) - (randomness: array u8 64sz) + (#v_K #v_CPA_PRIVATE_KEY_SIZE #v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE #v_BYTES_PER_RING_ELEMENT: + usize) + (randomness: array u8 (sz 64)) : Core.Result.t_Result (t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) t_BadRejectionSamplingRandomnessError = let ind_cpa_keypair_randomness:slice u8 = randomness.[ { - Core.Ops.Range.Range.f_start = 0sz; - Core.Ops.Range.Range.f_end = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } ] in let implicit_rejection_value:slice u8 = randomness.[ { - Core.Ops.Range.RangeFrom.f_start - = - Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } ] in let (ind_cpa_private_key, public_key), sampling_a_error:((Libcrux.Kem.Kyber.Ind_cpa.t_PrivateKey 
@@ -476,70 +427,70 @@ let generate_keypair Libcrux.Kem.Kyber.Ind_cpa.generate_keypair ind_cpa_keypair_randomness in let secret_key_serialized:array u8 v_PRIVATE_KEY_SIZE = - Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key (Rust_primitives.unsize (Libcrux.Kem.Kyber.Ind_cpa.as_slice_under_impl_8 + Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key (Rust_primitives.unsize (Libcrux.Kem.Kyber.Ind_cpa.impl_8__as_slice ind_cpa_private_key <: array u8 v_CPA_PRIVATE_KEY_SIZE) <: slice u8) - (Rust_primitives.unsize (as_slice_under_impl_35 public_key <: array u8 v_PUBLIC_KEY_SIZE) + (Rust_primitives.unsize (impl_35__as_slice public_key <: array u8 v_PUBLIC_KEY_SIZE) <: slice u8) implicit_rejection_value in match sampling_a_error with - | Core.Option.Option_Some error -> Core.Result.Result_Err error + | Core.Option.Option_Some { Core.Option.Option._0 = error } -> Core.Result.Result_Err error | _ -> let (private_key: t_KyberPrivateKey v_PRIVATE_KEY_SIZE):t_KyberPrivateKey v_PRIVATE_KEY_SIZE = - Core.Convert.From.from secret_key_serialized + Core.Convert.f_from secret_key_serialized in - Core.Result.Result_Ok (Libcrux.Kem.Kyber.Types.from_under_impl private_key public_key) + Core.Result.Result_Ok (Libcrux.Kem.Kyber.Types.impl__from private_key public_key) let encapsulate - (#k #shared_secret_size #ciphertext_size #public_key_size #t__as_ntt_encoded_size #c1_size #c2_size #vector_u_compression_factor #vector_v_compression_factor #vector_u_block_len: + (#v_K #v_SHARED_SECRET_SIZE #v_CIPHERTEXT_SIZE #v_PUBLIC_KEY_SIZE #v_T_AS_NTT_ENCODED_SIZE #v_C1_SIZE #v_C2_SIZE #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR #v_VECTOR_U_BLOCK_LEN: usize) (public_key: t_KyberPublicKey v_PUBLIC_KEY_SIZE) (randomness: array u8 v_SHARED_SECRET_SIZE) : Core.Result.t_Result (t_KyberCiphertext v_CIPHERTEXT_SIZE & t_KyberSharedSecret v_SHARED_SECRET_SIZE) t_BadRejectionSamplingRandomnessError = - let randomness_hashed:array u8 32sz = + let randomness_hashed:array u8 (sz 32) = 
Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize randomness <: slice u8) in - let (to_hash: array u8 64sz):array u8 64sz = + let (to_hash: array u8 (sz 64)):array u8 (sz 64) = Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize randomness_hashed <: slice u8) in - let to_hash:array u8 64sz = + let to_hash:array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash - ({ Core.Ops.Range.RangeFrom.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut to_hash - ({ Core.Ops.Range.RangeFrom.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) <: slice u8) - (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize (as_slice_under_impl_35 + (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize (impl_35__as_slice public_key <: array u8 v_PUBLIC_KEY_SIZE) <: slice u8) <: - array u8 32sz) + array u8 (sz 32)) <: slice u8) <: slice u8) in - let hashed:array u8 64sz = + let hashed:array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: slice u8) in let k_not, pseudorandomness:(slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize hashed <: slice u8) 32sz + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: slice u8) (sz 32) in let ciphertext, sampling_a_error:(t_KyberCiphertext v_CIPHERTEXT_SIZE & Core.Option.t_Option t_BadRejectionSamplingRandomnessError) = - Libcrux.Kem.Kyber.Ind_cpa.encrypt (Rust_primitives.unsize (as_slice_under_impl_35 public_key + Libcrux.Kem.Kyber.Ind_cpa.encrypt (Rust_primitives.unsize (impl_35__as_slice public_key <: array u8 v_PUBLIC_KEY_SIZE) <: 
@@ -547,114 +498,108 @@ let encapsulate randomness_hashed pseudorandomness in - let (to_hash: array u8 64sz):array u8 64sz = + let (to_hash: array u8 (sz 64)):array u8 (sz 64) = Libcrux.Kem.Kyber.Conversions.into_padded_array k_not in - let to_hash:array u8 64sz = + let to_hash:array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash - ({ Core.Ops.Range.RangeFrom.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut to_hash - ({ Core.Ops.Range.RangeFrom.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) <: slice u8) - (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Core.Convert.AsRef.as_ref ciphertext + (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Core.Convert.f_as_ref ciphertext <: slice u8) <: - array u8 32sz) + array u8 (sz 32)) <: slice u8) <: slice u8) in let shared_secret:t_KyberSharedSecret v_SHARED_SECRET_SIZE = - Core.Convert.Into.into (Libcrux.Kem.Kyber.Hash_functions.v_KDF (Rust_primitives.unsize to_hash + Core.Convert.f_into (Libcrux.Kem.Kyber.Hash_functions.v_KDF (Rust_primitives.unsize to_hash <: slice u8) <: array u8 v_SHARED_SECRET_SIZE) in - if Core.Option.is_some_under_impl sampling_a_error - then Core.Result.Result_Err (Core.Option.unwrap_under_impl sampling_a_error) + if Core.Option.impl__is_some sampling_a_error + then Core.Result.Result_Err (Core.Option.impl__unwrap sampling_a_error) else Core.Result.Result_Ok (ciphertext, shared_secret) let decapsulate - (#k #secret_key_size #cpa_secret_key_size #public_key_size #ciphertext_size #t__as_ntt_encoded_size #c1_size #c2_size #vector_u_compression_factor #vector_v_compression_factor #c1_block_size: + (#v_K #v_SECRET_KEY_SIZE #v_CPA_SECRET_KEY_SIZE 
#v_PUBLIC_KEY_SIZE #v_CIPHERTEXT_SIZE #v_T_AS_NTT_ENCODED_SIZE #v_C1_SIZE #v_C2_SIZE #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR #v_C1_BLOCK_SIZE: usize) (secret_key: t_KyberPrivateKey v_SECRET_KEY_SIZE) (ciphertext: t_KyberCiphertext v_CIPHERTEXT_SIZE) - : array u8 32sz = + : array u8 (sz 32) = let ind_cpa_secret_key, secret_key:(slice u8 & slice u8) = - split_at_under_impl_26 secret_key v_CPA_SECRET_KEY_SIZE + impl_26__split_at secret_key v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, secret_key:(slice u8 & slice u8) = - Core.Slice.split_at_under_impl secret_key v_PUBLIC_KEY_SIZE + Core.Slice.impl__split_at secret_key v_PUBLIC_KEY_SIZE in let ind_cpa_public_key_hash, implicit_rejection_value:(slice u8 & slice u8) = - Core.Slice.split_at_under_impl secret_key Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE + Core.Slice.impl__split_at secret_key Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE in - let decrypted:array u8 32sz = Libcrux.Kem.Kyber.Ind_cpa.decrypt ind_cpa_secret_key ciphertext in - let (to_hash: array u8 64sz):array u8 64sz = + let decrypted:array u8 (sz 32) = + Libcrux.Kem.Kyber.Ind_cpa.decrypt ind_cpa_secret_key ciphertext + in + let (to_hash: array u8 (sz 64)):array u8 (sz 64) = Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize decrypted <: slice u8) in - let to_hash:array u8 64sz = + let to_hash:array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash - ({ Core.Ops.Range.RangeFrom.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut to_hash - ({ - Core.Ops.Range.RangeFrom.f_start - = - Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE - }) + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) <: slice u8) ind_cpa_public_key_hash <: slice u8) in - 
let hashed:array u8 64sz = + let hashed:array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: slice u8) in let k_not, pseudorandomness:(slice u8 & slice u8) = - Core.Slice.split_at_under_impl (Rust_primitives.unsize hashed <: slice u8) 32sz + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: slice u8) (sz 32) in let expected_ciphertext, _:(t_KyberCiphertext v_CIPHERTEXT_SIZE & Core.Option.t_Option t_BadRejectionSamplingRandomnessError) = Libcrux.Kem.Kyber.Ind_cpa.encrypt ind_cpa_public_key decrypted pseudorandomness in let selector:u8 = - Libcrux.Kem.Kyber.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.AsRef.as_ref - ciphertext + Libcrux.Kem.Kyber.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref ciphertext + <: slice u8) - (Core.Convert.AsRef.as_ref expected_ciphertext <: slice u8) + (Core.Convert.f_as_ref expected_ciphertext <: slice u8) in - let to_hash:array u8 32sz = + let to_hash:array u8 (sz 32) = Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time k_not implicit_rejection_value selector in - let (to_hash: array u8 64sz):array u8 64sz = + let (to_hash: array u8 (sz 64)):array u8 (sz 64) = Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize to_hash <: slice u8) in - let to_hash:array u8 64sz = + let to_hash:array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash - ({ Core.Ops.Range.RangeFrom.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) - (Core.Slice.copy_from_slice_under_impl (Core.Ops.Index.IndexMut.index_mut to_hash - ({ - Core.Ops.Range.RangeFrom.f_start - = - Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE - }) + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) + (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash + ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) <: slice u8) - (Rust_primitives.unsize 
(Libcrux.Kem.Kyber.Hash_functions.v_H (Core.Convert.AsRef.as_ref ciphertext + (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Core.Convert.f_as_ref ciphertext <: slice u8) <: - array u8 32sz) + array u8 (sz 32)) <: slice u8) <:
diff --git a/proofs/fstar/extraction/Libcrux.Kem.fst b/proofs/fstar/extraction/Libcrux.Kem.fst
deleted file mode 100644
index 0ba733304..000000000
--- a/proofs/fstar/extraction/Libcrux.Kem.fst
+++ /dev/null
@@ -1,4 +0,0 @@
-module Libcrux.Kem
-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
-open Core
-
diff --git a/src/kem/kyber/serialize.rs b/src/kem/kyber/serialize.rs
index 7b78d445c..4eaf243f6 100644
--- a/src/kem/kyber/serialize.rs
+++ b/src/kem/kyber/serialize.rs
@@ -51,7 +51,7 @@ pub(super) fn serialize_little_endian serialize_little_endian_1(re), // VECTOR_V_COMPRESSION_FACTOR_768 & VECTOR_V_COMPRESSION_FACTOR_512 4 => serialize_little_endian_4(re),
@@ -75,7 +75,7 @@ pub(super) fn deserialize_little_endian( (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 );
- match COMPRESSION_FACTOR {
+ match COMPRESSION_FACTOR as u32 { 1 => deserialize_little_endian_1(serialized), // VECTOR_V_COMPRESSION_FACTOR_768 & VECTOR_V_COMPRESSION_FACTOR_512 4 => deserialize_little_endian_4(serialized),
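Review bot: The new `match COMPRESSION_FACTOR as u32 {` in deserialize_little_endian narrows the scrutinee with an unchecked `as` cast, and nothing in the hunk says why the match is now over u32 rather than the constant's own type (which is not visible here, but is evidently not u32). The cast is lossless for the small compression factors the arms dispatch on, but without a reason stated a later reader will read it as an accidental truncation; presumably it is there so the F* extraction updated in the same commit sees fixed-width literals. A one-line comment on the new line, `// matched as u32 so the extraction sees fixed-width literal patterns`, adjusted if the actual motivation differs, would keep that intent with the code. The earlier hunk in this file (serialize_little_endian, `@@ -51,7 +51,7 @@`) appears to make the same change but its changed lines are garbled in this rendering, so the same comment belongs there too. The remaining arms of the match, including any catch-all arm, lie outside the hunk.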