From 130f82bdefcd7164b1baf3b359ce40fa2f536e12 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 26 Oct 2023 13:23:26 +0200 Subject: [PATCH 01/11] move all types into types.rs --- .../Libcrux.Kem.Kyber.Arithmetic.fst | 34 +- .../Libcrux.Kem.Kyber.Constant_time_ops.fst | 20 +- .../Libcrux.Kem.Kyber.Conversions.fst | 26 +- .../Libcrux.Kem.Kyber.Hash_functions.fst | 29 +- .../extraction/Libcrux.Kem.Kyber.Ind_cpa.fst | 513 +++++++--------- .../Libcrux.Kem.Kyber.Kyber1024.fst | 29 +- .../extraction/Libcrux.Kem.Kyber.Kyber512.fst | 29 +- .../extraction/Libcrux.Kem.Kyber.Kyber768.fst | 29 +- .../extraction/Libcrux.Kem.Kyber.Ntt.fst | 391 ++++++------ .../extraction/Libcrux.Kem.Kyber.Sampling.fst | 65 +- .../Libcrux.Kem.Kyber.Serialize.fst | 234 ++++---- .../extraction/Libcrux.Kem.Kyber.Types.fst | 510 +++++++++++++++- proofs/fstar/extraction/Libcrux.Kem.Kyber.fst | 559 +++--------------- src/kem/kyber.rs | 24 +- src/kem/kyber/ind_cpa.rs | 17 +- src/kem/kyber/kyber1024.rs | 7 +- src/kem/kyber/kyber512.rs | 7 +- src/kem/kyber/kyber768.rs | 7 +- src/kem/kyber/sampling.rs | 9 +- src/kem/kyber/types.rs | 16 +- 20 files changed, 1220 insertions(+), 1335 deletions(-) diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst index a0efde3b5..5c1b9139d 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Arithmetic.fst 
@@ -157,24 +157,24 @@ let montgomery_reduce (value: i32) : i32 = let to_montgomery_domain (value: i32) : i32 = montgomery_reduce (1353l *! value <: i32) -type t_KyberPolynomialRingElement = { f_coefficients:array i32 (sz 256) } +type t_KyberPolynomialRingElement = { f_coefficients:t_Array i32 (sz 256) } -let impl__ZERO: t_KyberPolynomialRingElement = +let impl__KyberPolynomialRingElement__ZERO: t_KyberPolynomialRingElement = { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 256) } let impl_1: Core.Ops.Index.t_Index t_KyberPolynomialRingElement usize = { - f_impl_1__Output = i32; - f_impl_1__index + f_Output = i32; + f_index = fun (self: t_KyberPolynomialRingElement) (index: usize) -> self.f_coefficients.[ index ] } let impl_2: Core.Iter.Traits.Collect.t_IntoIterator t_KyberPolynomialRingElement = { - f_impl_2__Item = i32; - f_impl_2__IntoIter = Core.Array.Iter.t_IntoIter i32 (sz 256); - f_impl_2__into_iter + f_Item = i32; + f_IntoIter = Core.Array.Iter.t_IntoIter i32 (sz 256); + f_into_iter = fun (self: t_KyberPolynomialRingElement) -> Core.Iter.Traits.Collect.f_into_iter self.f_coefficients 
@@ -182,18 +182,18 @@ let impl_2: Core.Iter.Traits.Collect.t_IntoIterator t_KyberPolynomialRingElement let impl_3: Core.Ops.Arith.t_Add t_KyberPolynomialRingElement t_KyberPolynomialRingElement = { - f_impl_3__Output = t_KyberPolynomialRingElement; - f_impl_3__add + f_Output = t_KyberPolynomialRingElement; + f_add = fun (self: t_KyberPolynomialRingElement) (other: t_KyberPolynomialRingElement) -> - let result:t_KyberPolynomialRingElement = impl__ZERO in + let result:t_KyberPolynomialRingElement = impl__KyberPolynomialRingElement__ZERO in let result:t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) result (fun result i -> { @@ -212,18 +212,18 @@ let impl_3: Core.Ops.Arith.t_Add t_KyberPolynomialRingElement t_KyberPolynomialR let impl_4: Core.Ops.Arith.t_Sub t_KyberPolynomialRingElement t_KyberPolynomialRingElement = { - f_impl_4__Output = t_KyberPolynomialRingElement; - f_impl_4__sub + f_Output = t_KyberPolynomialRingElement; + f_sub = fun (self: t_KyberPolynomialRingElement) (other: t_KyberPolynomialRingElement) -> - let result:t_KyberPolynomialRingElement = impl__ZERO in + let result:t_KyberPolynomialRingElement = impl__KyberPolynomialRingElement__ZERO in let result:t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) result (fun result i -> { 
diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst index 6da4d6293..56788c604 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst @@ -6,7 +6,7 @@ let is_non_zero (value: u8) : u8 = let value_negated:i8 = Core.Ops.Arith.Neg.neg (cast value <: i8) in ((value |. (cast value_negated <: u8) <: u8) >>! 7l <: u8) &. 1uy -let compare_ciphertexts_in_constant_time (#v_CIPHERTEXT_SIZE: usize) (lhs rhs: slice u8) : u8 = +let compare_ciphertexts_in_constant_time (#v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) : u8 = let _:Prims.unit = if true then @@ -45,18 +45,18 @@ let compare_ciphertexts_in_constant_time (#v_CIPHERTEXT_SIZE: usize) (lhs rhs: s in let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) r (fun r i -> r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8) in is_non_zero r -let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : array u8 (sz 32) = +let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) : t_Array u8 (sz 32) = let _:Prims.unit = if true then 
@@ -93,15 +93,15 @@ let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : a in () in - let mask:u8 = Core.Num.impl_6__wrapping_sub (is_non_zero selector <: u8) 1uy in - let out:array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:array u8 (sz 32) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) out (fun out i -> Rust_primitives.Hax.update_at out @@ -113,6 +113,6 @@ let select_shared_secret_in_constant_time (lhs rhs: slice u8) (selector: u8) : a <: u8) <: - array u8 (sz 32)) + t_Array u8 (sz 32)) in out \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst index 5c2a8a6fe..c65d7073e 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Conversions.fst @@ -2,7 +2,7 @@ module Libcrux.Kem.Kyber.Conversions #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let into_padded_array (#v_LEN: usize) (slice: slice u8) : array u8 v_LEN = +let into_padded_array (#v_LEN: usize) (slice: t_Slice u8) : t_Array u8 v_LEN = let _:Prims.unit = if true then 
@@ -16,8 +16,8 @@ let into_padded_array (#v_LEN: usize) (slice: slice u8) : array u8 v_LEN = in () in - let out:array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let out:array u8 v_LEN = + let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out:t_Array u8 v_LEN = Rust_primitives.Hax.update_at out ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize } ) @@ -27,33 +27,33 @@ let into_padded_array (#v_LEN: usize) (slice: slice u8) : array u8 v_LEN = Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize }) <: - slice u8) + t_Slice u8) slice <: - slice u8) + t_Slice u8) in out class t_UpdatingArray (#v_Self: Type) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_509883233:t_UpdatingArray v_Self; - f_push:v_Self -> slice u8 -> v_Self + f_push:v_Self -> t_Slice u8 -> v_Self } type t_UpdatableArray (#v_LEN: usize) = { - f_value:array u8 v_LEN; + f_value:t_Array u8 v_LEN; f_pointer:usize } -let impl__new (#v_LEN: usize) (value: array u8 v_LEN) : t_UpdatableArray v_LEN = +let impl__new (#v_LEN: usize) (value: t_Array u8 v_LEN) : t_UpdatableArray v_LEN = { f_value = value; f_pointer = sz 0 } -let impl__array (#v_LEN: usize) (self: t_UpdatableArray v_LEN) : array u8 v_LEN = self.f_value +let impl__array (#v_LEN: usize) (self: t_UpdatableArray v_LEN) : t_Array u8 v_LEN = self.f_value let impl_1 (#v_LEN: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = { - f_impl_1__push + f_push = - fun (#v_LEN: usize) (self: t_UpdatableArray v_LEN) (other: slice u8) -> + fun (#v_LEN: usize) (self: t_UpdatableArray v_LEN) (other: t_Slice u8) -> let self:t_UpdatableArray v_LEN = { self with @@ -74,10 +74,10 @@ let impl_1 (#v_LEN: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize }) <: - slice u8) + t_Slice u8) other <: - slice u8) + t_Slice u8) } in let self:t_UpdatableArray v_LEN = 
diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst index 4d7d56199..3c9248451 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst 
@@ -2,35 +2,36 @@ module Libcrux.Kem.Kyber.Hash_functions #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let v_G (input: slice u8) : array u8 (sz 64) = Libcrux.Digest.sha3_512_ input +let v_G (input: t_Slice u8) : t_Array u8 (sz 64) = Libcrux.Digest.sha3_512_ input -let v_H (input: slice u8) : array u8 (sz 32) = Libcrux.Digest.sha3_256_ input +let v_H (input: t_Slice u8) : t_Array u8 (sz 32) = Libcrux.Digest.sha3_256_ input -let v_PRF (#v_LEN: usize) (input: slice u8) : array u8 v_LEN = Libcrux.Digest.shake256 input +let v_PRF (#v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = Libcrux.Digest.shake256 input -let v_XOFx4 (#v_LEN #v_K: usize) (input: array (array u8 (sz 34)) v_K) : array (array u8 v_LEN) v_K = - let out:array (array u8 v_LEN) v_K = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: array u8 v_LEN) v_K +let v_XOFx4 (#v_LEN #v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) + : t_Array (t_Array u8 v_LEN) v_K = + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K in - let out:array (array u8 v_LEN) v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + let out:t_Array (t_Array u8 v_LEN) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) out (fun out i -> Rust_primitives.Hax.update_at out i - (Libcrux.Digest.shake128 (Rust_primitives.unsize (input.[ i ] <: array u8 (sz 34)) + (Libcrux.Digest.shake128 (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: - slice u8) + t_Slice u8) <: - array u8 v_LEN) + t_Array u8 v_LEN) <: - array (array u8 v_LEN) v_K) + t_Array (t_Array u8 v_LEN) v_K) in out -let v_KDF (#v_LEN: usize) (input: slice u8) : array u8 v_LEN = Libcrux.Digest.shake256 input \ No 
newline at end of file +let v_KDF (#v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN = Libcrux.Digest.shake256 input \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst index 3f9676dec..c467e6e8a 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 
@@ -2,105 +2,15 @@ module Libcrux.Kem.Kyber.Ind_cpa #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -type t_PrivateKey (#v_SIZE: usize) = { f_value:array u8 v_SIZE } - -let impl (#v_SIZE: usize) : Core.Convert.t_AsRef (t_PrivateKey v_SIZE) (slice u8) = - { - f_impl__as_ref - = - fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value - } - -let impl_1 (#v_SIZE: usize) : Core.Convert.t_From (t_PrivateKey v_SIZE) (array u8 v_SIZE) = - { f_impl_1__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } - -let impl_2 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_PrivateKey v_SIZE) = - { f_impl_2__from = fun (#v_SIZE: usize) (value: t_PrivateKey v_SIZE) -> value.f_value } - -let impl_3 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_PrivateKey v_SIZE) (slice u8) = - { - f_impl_3__Error = Core.Array.t_TryFromSliceError; - f_impl_3__try_from - = - fun (#v_SIZE: usize) (value: slice u8) -> - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist2:array u8 v_SIZE = - match - Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value - <: - Core.Result.t_Result (array u8 v_SIZE) - (Core.Convert.impl_6 (slice u8) (array u8 v_SIZE)).f_Error) - with - | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist1:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual - - <: - Core.Result.t_Result (t_PrivateKey v_SIZE) Core.Array.t_TryFromSliceError) - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist1) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> - Core.Ops.Control_flow.ControlFlow_Continue v_val - in - Core.Ops.Control_flow.ControlFlow_Continue - (let hoist3:t_PrivateKey v_SIZE = { f_value = hoist2 } in - Core.Result.Result_Ok hoist3)) - } - -let impl_4 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) usize = - { - f_impl_4__Output = u8; - f_impl_4__index - = - 
fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (index: usize) -> self.f_value.[ index ] - } - -let impl_5 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_Range usize) = - { - f_impl_5__Output = slice u8; - f_impl_5__index - = - fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.f_value.[ range ] - } - -let impl_6 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = - { - f_impl_6__Output = slice u8; - f_impl_6__index - = - fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.f_value.[ range ] - } - -let impl_7 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = - { - f_impl_7__Output = slice u8; - f_impl_7__index - = - fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> - self.f_value.[ range ] - } - -let impl_8__as_slice (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) : array u8 v_SIZE = self.f_value - -let impl_8__split_at (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (mid: usize) - : (slice u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid - -let impl_8__len (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) : usize = v_SIZE - let serialize_secret_key (#v_SERIALIZED_KEY_LEN: usize) - (private_key public_key implicit_rejection_value: slice u8) - : array u8 v_SERIALIZED_KEY_LEN = + (private_key public_key implicit_rejection_value: t_Slice u8) + : t_Array u8 v_SERIALIZED_KEY_LEN = Libcrux.Kem.Kyber.Conversions.impl__array (Libcrux.Kem.Kyber.Conversions.f_push (Libcrux.Kem.Kyber.Conversions.f_push (Libcrux.Kem.Kyber.Conversions.f_push (Libcrux.Kem.Kyber.Conversions.f_push (Libcrux.Kem.Kyber.Conversions.impl__new (Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN <: - array u8 v_SERIALIZED_KEY_LEN) + t_Array u8 v_SERIALIZED_KEY_LEN) <: 
Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_SERIALIZED_KEY_LEN) private_key 
@@ -111,161 +21,155 @@ let serialize_secret_key Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_SERIALIZED_KEY_LEN) (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key <: - array u8 (sz 32)) + t_Array u8 (sz 32)) <: - slice u8) + t_Slice u8) <: Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_SERIALIZED_KEY_LEN) implicit_rejection_value <: Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_SERIALIZED_KEY_LEN) -let sample_matrix_A (#v_K: usize) (seed: array u8 (sz 34)) (transpose: bool) - : (array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - let v_A_transpose:array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K - = - Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO +let sample_matrix_A (#v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) + : (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO v_K <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K in - let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError - = - Core.Option.Option_None - in - let v_A_transpose, sampling_A_error:(array - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_Error = 
Core.Option.Option_None in + let v_A_transpose, sampling_A_error:(t_Array + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) (v_A_transpose, sampling_A_error) (fun (v_A_transpose, sampling_A_error) i -> - let seeds:array (array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in - let seeds:array (array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in + let seeds:t_Array (t_Array u8 (sz 34)) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) seeds (fun seeds j -> - let seeds:array (array u8 (sz 34)) v_K = + let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.update_at seeds j - (Rust_primitives.Hax.update_at (seeds.[ j ] <: array u8 (sz 34)) + (Rust_primitives.Hax.update_at (seeds.[ j ] <: t_Array u8 (sz 34)) (sz 32) (cast i <: u8) <: - array u8 (sz 34)) + t_Array u8 (sz 34)) in - let seeds:array (array u8 (sz 34)) v_K = + let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.update_at seeds j - (Rust_primitives.Hax.update_at (seeds.[ j ] <: array u8 (sz 34)) + (Rust_primitives.Hax.update_at (seeds.[ j ] <: t_Array u8 (sz 34)) (sz 33) (cast j <: u8) <: - array u8 (sz 34)) + t_Array u8 (sz 34)) in seeds) in - let xof_bytes:array (array u8 (sz 840)) v_K = + let xof_bytes:t_Array (t_Array u8 (sz 840)) v_K = Libcrux.Kem.Kyber.Hash_functions.v_XOFx4 seeds in - 
Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) (v_A_transpose, sampling_A_error) (fun (v_A_transpose, sampling_A_error) j -> let sampled, error:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution (xof_bytes.[ j ] <: - array u8 (sz 840)) + t_Array u8 (sz 840)) in - let sampling_A_error:Core.Option.t_Option - Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = + let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_Error = if Core.Option.impl__is_some error then - let sampling_A_error:Core.Option.t_Option - Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = - error - in + let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_Error = error in sampling_A_error else sampling_A_error in if transpose then - let v_A_transpose:array - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K = + let v_A_transpose:t_Array + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K = Rust_primitives.Hax.update_at v_A_transpose j (Rust_primitives.Hax.update_at (v_A_transpose.[ j ] <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) i sampled <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in v_A_transpose, sampling_A_error else - let v_A_transpose:array - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K = + let 
v_A_transpose:t_Array + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K = Rust_primitives.Hax.update_at v_A_transpose i (Rust_primitives.Hax.update_at (v_A_transpose.[ i ] <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) j sampled <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in v_A_transpose, sampling_A_error)) in v_A_transpose, sampling_A_error -let cbd (#v_K #v_ETA #v_ETA_RANDOMNESS_SIZE: usize) (prf_input: array u8 (sz 33)) - : (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & u8) = +let cbd (#v_K #v_ETA #v_ETA_RANDOMNESS_SIZE: usize) (prf_input: t_Array u8 (sz 33)) + : (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & u8) = let domain_separator:u8 = 0uy in - let re_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in - let domain_separator, prf_input, re_as_ntt:(u8 & array u8 (sz 33) & - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) & + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) (domain_separator, prf_input, re_as_ntt) (fun (domain_separator, prf_input, 
re_as_ntt) i -> - let prf_input:array u8 (sz 33) = + let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in let domain_separator:u8 = domain_separator +! 1uy in - let (prf_output: array u8 v_ETA_RANDOMNESS_SIZE):array u8 v_ETA_RANDOMNESS_SIZE = - Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) + let (prf_output: t_Array u8 v_ETA_RANDOMNESS_SIZE):t_Array u8 v_ETA_RANDOMNESS_SIZE = + Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: t_Slice u8) in let r:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution (Rust_primitives.unsize prf_output <: - slice u8) + t_Slice u8) in - let re_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at re_as_ntt i (Libcrux.Kem.Kyber.Ntt.ntt_with_debug_asserts r (cast v_ETA <: i32) 
@@ -278,25 +182,22 @@ let cbd (#v_K #v_ETA #v_ETA_RANDOMNESS_SIZE: usize) (prf_input: array u8 (sz 33) let serialize_key (#v_K #v_OUT_LEN: usize) - (key: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) - : array u8 v_OUT_LEN = - let out:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let out:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + : t_Array u8 v_OUT_LEN = + let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let out:t_Array u8 v_OUT_LEN = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Iter.Traits.Collect.f_into_iter key <: - (Core.Array.Iter.impl Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) - .f_IntoIter) + Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement + v_K) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement - v_K))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) out (fun out (i, re) -> Rust_primitives.Hax.update_at out 
@@ -322,45 +223,50 @@ let serialize_key usize }) <: - slice u8) + t_Slice u8) (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element re <: - array u8 (sz 384)) + t_Array u8 (sz 384)) <: - slice u8) + t_Slice u8) <: - slice u8) + t_Slice u8) <: - array u8 v_OUT_LEN) + t_Array u8 v_OUT_LEN) in out let generate_keypair (#v_K #v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE #v_RANKED_BYTES_PER_RING_ELEMENT #v_ETA1 #v_ETA1_RANDOMNESS_SIZE: usize) - (key_generation_seed: slice u8) - : ((t_PrivateKey v_PRIVATE_KEY_SIZE & Libcrux.Kem.Kyber.t_KyberPublicKey v_PUBLIC_KEY_SIZE) & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - let (prf_input: array u8 (sz 33)):array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in - let secret_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + (key_generation_seed: t_Slice u8) + : ((Libcrux.Kem.Kyber.Types.t_PrivateKey v_PRIVATE_KEY_SIZE & + Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) & + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in + let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in - let error_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + let error_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in let (domain_separator: u8):u8 = 0uy in - let hashed:array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in - let seed_for_A, seed_for_secret_and_error:(slice 
u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: slice u8) (sz 32) - in - let v_A_transpose, sampling_A_error:(array - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed_for_A <: array u8 (sz 34)) + let hashed:t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in + let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + in + let v_A_transpose, sampling_A_error:(t_Array + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed_for_A + <: + t_Array u8 (sz 34)) true in - let prf_input:array u8 (sz 33) = + let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.update_at prf_input ({ Core.Ops.Range.f_start = sz 0; 
@@ -372,35 +278,35 @@ let generate_keypair Core.Ops.Range.f_end = Core.Slice.impl__len seed_for_secret_and_error <: usize }) <: - slice u8) + t_Slice u8) seed_for_secret_and_error <: - slice u8) + t_Slice u8) in - let domain_separator, prf_input, secret_as_ntt:(u8 & array u8 (sz 33) & - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + let domain_separator, prf_input, secret_as_ntt:(u8 & t_Array u8 (sz 33) & + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) (domain_separator, prf_input, secret_as_ntt) (fun (domain_separator, prf_input, secret_as_ntt) i -> - let prf_input:array u8 (sz 33) = + let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in let domain_separator:u8 = domain_separator +! 1uy in - let (prf_output: array u8 v_ETA1_RANDOMNESS_SIZE):array u8 v_ETA1_RANDOMNESS_SIZE = - Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) + let (prf_output: t_Array u8 v_ETA1_RANDOMNESS_SIZE):t_Array u8 v_ETA1_RANDOMNESS_SIZE = + Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: t_Slice u8) in let secret:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution (Rust_primitives.unsize prf_output <: - slice u8) + t_Slice u8) in - let secret_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at secret_as_ntt i (Libcrux.Kem.Kyber.Ntt.ntt_with_debug_asserts secret (cast v_ETA1 <: i32) 
@@ -410,30 +316,30 @@ let generate_keypair domain_separator, prf_input, secret_as_ntt) in let domain_separator, error_as_ntt, prf_input:(u8 & - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & - array u8 (sz 33)) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & + t_Array u8 (sz 33)) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) (domain_separator, error_as_ntt, prf_input) (fun (domain_separator, error_as_ntt, prf_input) i -> - let prf_input:array u8 (sz 33) = + let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in let domain_separator:u8 = domain_separator +! 1uy in - let (prf_output: array u8 v_ETA1_RANDOMNESS_SIZE):array u8 v_ETA1_RANDOMNESS_SIZE = - Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) + let (prf_output: t_Array u8 v_ETA1_RANDOMNESS_SIZE):t_Array u8 v_ETA1_RANDOMNESS_SIZE = + Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: t_Slice u8) in let error:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution (Rust_primitives.unsize prf_output <: - slice u8) + t_Slice u8) in - let error_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let error_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at error_as_ntt i (Libcrux.Kem.Kyber.Ntt.ntt_with_debug_asserts error (cast v_ETA1 <: i32) 
@@ -442,52 +348,50 @@ let generate_keypair in domain_separator, error_as_ntt, prf_input) in - let tt_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Libcrux.Kem.Kyber.Ntt.compute_As_plus_e v_A_transpose secret_as_ntt error_as_ntt in let public_key_serialized:Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_PUBLIC_KEY_SIZE = Libcrux.Kem.Kyber.Conversions.impl__new (Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE <: - array u8 v_PUBLIC_KEY_SIZE) + t_Array u8 v_PUBLIC_KEY_SIZE) in let public_key_serialized:Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_PUBLIC_KEY_SIZE = Libcrux.Kem.Kyber.Conversions.f_push public_key_serialized - (Rust_primitives.unsize (serialize_key tt_as_ntt <: array u8 v_RANKED_BYTES_PER_RING_ELEMENT) + (Rust_primitives.unsize (serialize_key tt_as_ntt <: t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT + ) <: - slice u8) + t_Slice u8) in - let public_key_serialized:array u8 v_PUBLIC_KEY_SIZE = + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = Libcrux.Kem.Kyber.Conversions.impl__array (Libcrux.Kem.Kyber.Conversions.f_push public_key_serialized seed_for_A <: Libcrux.Kem.Kyber.Conversions.t_UpdatableArray v_PUBLIC_KEY_SIZE) in - let secret_key_serialized:array u8 v_PRIVATE_KEY_SIZE = serialize_key secret_as_ntt in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_key secret_as_ntt in FStar.Pervasives.Native.Mktuple2 (Core.Convert.f_into secret_key_serialized) (Core.Convert.f_into public_key_serialized), sampling_A_error let compress_then_encode_u (#v_K #v_OUT_LEN #v_COMPRESSION_FACTOR #v_BLOCK_LEN: usize) - (input: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) - : array u8 v_OUT_LEN = - let out:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let out:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter 
(Core.Iter.Traits.Iterator.f_enumerate + (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + : t_Array u8 v_OUT_LEN = + let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let out:t_Array u8 v_OUT_LEN = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Iter.Traits.Collect.f_into_iter input <: - (Core.Array.Iter.impl Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) - .f_IntoIter) + Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement + v_K) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement - v_K))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) out (fun out (i, re) -> Rust_primitives.Hax.update_at out 
@@ -503,49 +407,48 @@ let compress_then_encode_u (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize }) <: - slice u8) + t_Slice u8) (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.serialize_little_endian (Libcrux.Kem.Kyber.Compress.compress re <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - array u8 v_BLOCK_LEN) + t_Array u8 v_BLOCK_LEN) <: - slice u8) + t_Slice u8) <: - slice u8) + t_Slice u8) <: - array u8 v_OUT_LEN) + t_Array u8 v_OUT_LEN) in out let encrypt (#v_K #v_CIPHERTEXT_SIZE #v_T_AS_NTT_ENCODED_SIZE #v_C1_LEN #v_C2_LEN #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR #v_BLOCK_LEN #v_ETA1 #v_ETA1_RANDOMNESS_SIZE #v_ETA2 #v_ETA2_RANDOMNESS_SIZE: usize) - (public_key: slice u8) - (message: array u8 (sz 32)) - (randomness: slice u8) - : (Libcrux.Kem.Kyber.t_KyberCiphertext v_CIPHERTEXT_SIZE & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - let tt_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K - in - let tt_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + : (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K + in + let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (public_key.[ { Core.Ops.Range.f_end = 
v_T_AS_NTT_ENCODED_SIZE } ] <: - slice u8) + t_Slice u8) Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) tt_as_ntt (fun tt_as_ntt (i, tt_as_ntt_bytes) -> Rust_primitives.Hax.update_at tt_as_ntt 
@@ -554,76 +457,78 @@ let encrypt <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in - let seed:slice u8 = public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } ] in - let v_A_transpose, sampling_A_error:(array - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = - sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed <: array u8 (sz 34)) false + let seed:t_Slice u8 = public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } ] in + let v_A_transpose, sampling_A_error:(t_Array + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed <: t_Array u8 (sz 34)) + false in - let (prf_input: array u8 (sz 33)):array u8 (sz 33) = + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = Libcrux.Kem.Kyber.Conversions.into_padded_array randomness in - let r_as_ntt, domain_separator:(array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement + let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & u8) = cbd prf_input in - let error_1_:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in let domain_separator, error_1_, prf_input:(u8 & - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & - array u8 (sz 33)) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter 
({ + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K & + t_Array u8 (sz 33)) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) (domain_separator, error_1_, prf_input) (fun (domain_separator, error_1_, prf_input) i -> - let prf_input:array u8 (sz 33) = + let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in let domain_separator:u8 = domain_separator +! 1uy in - let (prf_output: array u8 v_ETA2_RANDOMNESS_SIZE):array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) + let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = + Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: t_Slice u8) in - let error_1_:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at error_1_ i (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution (Rust_primitives.unsize prf_output <: - slice u8) + t_Slice u8) <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in domain_separator, error_1_, prf_input) in - let prf_input:array u8 (sz 33) = + let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.update_at prf_input (sz 32) domain_separator in - let (prf_output: array u8 v_ETA2_RANDOMNESS_SIZE):array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: slice u8) + let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = + Libcrux.Kem.Kyber.Hash_functions.v_PRF (Rust_primitives.unsize prf_input <: t_Slice u8) in let 
error_2_:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution (Rust_primitives.unsize prf_output <: - slice u8) + t_Slice u8) in - let u:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let u:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Libcrux.Kem.Kyber.Ntt.multiply_matrix_by_column_montgomery v_A_transpose r_as_ntt in - let u:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + let u:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) u (fun u i -> Rust_primitives.Hax.update_at u @@ -635,14 +540,14 @@ let encrypt Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! (error_1_.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - (Libcrux.Kem.Kyber.Arithmetic.impl_3).f_Output) + Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message message in - let v = + let v:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = ((Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery (Libcrux.Kem.Kyber.Ntt.multiply_row_by_column_montgomery tt_as_ntt r_as_ntt 
@@ -652,50 +557,52 @@ let encrypt Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! error_2_ <: - (Libcrux.Kem.Kyber.Arithmetic.impl_3).f_Output) +! + Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! message_as_ring_element in - let c1:array u8 v_C1_LEN = compress_then_encode_u u in - let c2:array u8 v_C2_LEN = + let c1:t_Array u8 v_C1_LEN = compress_then_encode_u u in + let c2:t_Array u8 v_C2_LEN = Libcrux.Kem.Kyber.Serialize.serialize_little_endian (Libcrux.Kem.Kyber.Compress.compress v <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in - let (ciphertext: array u8 v_CIPHERTEXT_SIZE):array u8 v_CIPHERTEXT_SIZE = - Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize c1 <: slice u8) + let (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE):t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize c1 <: t_Slice u8) in - let ciphertext:array u8 v_CIPHERTEXT_SIZE = + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.update_at ciphertext ({ Core.Ops.Range.f_start = v_C1_LEN }) (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut ciphertext ({ Core.Ops.Range.f_start = v_C1_LEN }) <: - slice u8) - (Core.Array.impl_23__as_slice c2 <: slice u8) + t_Slice u8) + (Core.Array.impl_23__as_slice c2 <: t_Slice u8) <: - slice u8) + t_Slice u8) in Core.Convert.f_into ciphertext, sampling_A_error let decrypt (#v_K #v_CIPHERTEXT_SIZE #v_VECTOR_U_ENCODED_SIZE #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR: usize) - (secret_key: slice u8) - (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext v_CIPHERTEXT_SIZE) - : array u8 (sz 32) = - let u_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + (secret_key: t_Slice u8) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) + : t_Array u8 (sz 32) = + let u_as_ntt:t_Array 
Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in - let secret_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in - let u_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (ciphertext.[ { Core.Ops.Range.f_end = v_VECTOR_U_ENCODED_SIZE } ] <: - slice u8) + t_Slice u8) ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR <: @@ -708,9 +615,7 @@ let decrypt <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) u_as_ntt (fun u_as_ntt (i, u_bytes) -> let u:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = @@ -719,7 +624,7 @@ let decrypt <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in - let u_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at u_as_ntt i (Libcrux.Kem.Kyber.Ntt.ntt_representation u 
@@ -732,12 +637,12 @@ let decrypt Libcrux.Kem.Kyber.Compress.decompress (Libcrux.Kem.Kyber.Serialize.deserialize_little_endian (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } ] <: - slice u8) + t_Slice u8) <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in - let secret_as_ntt:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact secret_key Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT <: @@ -745,9 +650,7 @@ let decrypt <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) secret_as_ntt (fun secret_as_ntt (i, secret_bytes) -> Rust_primitives.Hax.update_at secret_as_ntt @@ -756,9 +659,9 @@ let decrypt <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) in - let message = + let message:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = v -! (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery (Libcrux.Kem.Kyber.Ntt.multiply_row_by_column_montgomery secret_as_ntt diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst index ba43696f0..4c7a8fe29 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst 
@@ -58,28 +58,27 @@ let v_ETA2: usize = sz 2 let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 -let t_Kyber1024Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1568) +let t_Kyber1024Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568) -let t_Kyber1024PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 3168) +let t_Kyber1024PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168) -let t_Kyber1024PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1568) +let t_Kyber1024PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568) -let t_Kyber1024SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) +let t_Kyber1024SharedSecret = Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32) -let generate_key_pair_1024_ (randomness: array u8 (sz 64)) - : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair (sz 3168) (sz 1568)) - Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = - Libcrux.Kem.Kyber.generate_keypair randomness +let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) + : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 3168) (sz 1568)) + Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_1024_ - (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1568)) - (randomness: array u8 (sz 32)) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) : Core.Result.t_Result - (Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1568) & Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) - ) Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = + (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568) & + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_1024_ - (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 3168)) - (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1568)) - : array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key 
ciphertext \ No newline at end of file + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) + : t_Array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst index 92601226a..63e8c60df 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst 
@@ -58,28 +58,27 @@ let v_ETA2: usize = sz 2 let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 -let t_Kyber512Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext (sz 768) +let t_Kyber512Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768) -let t_Kyber512PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 1632) +let t_Kyber512PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632) -let t_Kyber512PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey (sz 800) +let t_Kyber512PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800) -let t_Kyber512SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) +let t_Kyber512SharedSecret = Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32) -let generate_key_pair_512_ (randomness: array u8 (sz 64)) - : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair (sz 1632) (sz 800)) - Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = - Libcrux.Kem.Kyber.generate_keypair randomness +let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) + : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 1632) (sz 800)) + Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_512_ - (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey (sz 800)) - (randomness: array u8 (sz 32)) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) : Core.Result.t_Result - (Libcrux.Kem.Kyber.t_KyberCiphertext (sz 768) & Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32)) - Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = + (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768) & + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_512_ - (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 1632)) - (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext (sz 768)) - : array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at 
end of file + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) + : t_Array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst index f43856491..85816015e 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst 
@@ -58,28 +58,27 @@ let v_ETA2: usize = sz 2 let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 -let t_Kyber768Ciphertext = Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1088) +let t_Kyber768Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) -let t_Kyber768PrivateKey = Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 2400) +let t_Kyber768PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400) -let t_Kyber768PublicKey = Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1184) +let t_Kyber768PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184) -let t_Kyber768SharedSecret = Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) +let t_Kyber768SharedSecret = Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32) -let generate_key_pair_768_ (randomness: array u8 (sz 64)) - : Core.Result.t_Result (Libcrux.Kem.Kyber.t_KyberKeyPair (sz 2400) (sz 1184)) - Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = - Libcrux.Kem.Kyber.generate_keypair randomness +let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) + : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) + Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_768_ - (public_key: Libcrux.Kem.Kyber.t_KyberPublicKey (sz 1184)) - (randomness: array u8 (sz 32)) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) : Core.Result.t_Result - (Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1088) & Libcrux.Kem.Kyber.t_KyberSharedSecret (sz 32) - ) Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError = + (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_768_ - (secret_key: Libcrux.Kem.Kyber.t_KyberPrivateKey (sz 2400)) - (ciphertext: Libcrux.Kem.Kyber.t_KyberCiphertext (sz 1088)) - : array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No 
newline at end of file + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) + : t_Array u8 (sz 32) = Libcrux.Kem.Kyber.decapsulate secret_key ciphertext \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst index 6403e296e..7e54384e1 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ntt.fst @@ -2,7 +2,7 @@ module Libcrux.Kem.Kyber.Ntt #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let v_ZETAS_MONTGOMERY_DOMAIN: array i32 (sz 128) = +let v_ZETAS_MONTGOMERY_DOMAIN: t_Array i32 (sz 128) = let list = [ (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l; @@ -32,9 +32,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <=. coefficient_bound <: bool) + (Core.Num.impl__i32__abs coefficient <: i32) <=. coefficient_bound <: bool) in let _:Prims.unit = if ~.out @@ -49,7 +49,7 @@ let ntt_with_debug_asserts let zeta_i:usize = sz 0 in let layer_number:i32 = 0l in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -60,19 +60,17 @@ let ntt_with_debug_asserts <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 128 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = (re.[ j +! sz 128 <: usize ] <: i32) *! (-1600l) in @@ -96,9 +94,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. (coefficient_bound +! ((layer_number *! 3l <: i32) *! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS /! 2l <: i32) @@ -120,7 +118,7 @@ let ntt_with_debug_asserts () in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -131,19 +129,17 @@ let ntt_with_debug_asserts <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 64 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -174,9 +170,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. (coefficient_bound +! ((layer_number *! 3l <: i32) *! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS /! 2l <: i32) @@ -198,7 +194,7 @@ let ntt_with_debug_asserts () in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -209,19 +205,17 @@ let ntt_with_debug_asserts <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 32 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -252,9 +246,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. (coefficient_bound +! ((layer_number *! 3l <: i32) *! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS /! 2l <: i32) @@ -276,7 +270,7 @@ let ntt_with_debug_asserts () in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -287,19 +281,17 @@ let ntt_with_debug_asserts <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 16 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -330,9 +322,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. (coefficient_bound +! ((layer_number *! 3l <: i32) *! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS /! 2l <: i32) @@ -354,7 +346,7 @@ let ntt_with_debug_asserts () in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -365,19 +357,17 @@ let ntt_with_debug_asserts <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 8 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -408,9 +398,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. (coefficient_bound +! ((layer_number *! 3l <: i32) *! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS /! 2l <: i32) @@ -432,7 +422,7 @@ let ntt_with_debug_asserts () in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -443,19 +433,17 @@ let ntt_with_debug_asserts <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 4 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -486,9 +474,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. (coefficient_bound +! ((layer_number *! 3l <: i32) *! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS /! 2l <: i32) @@ -510,7 +498,7 @@ let ntt_with_debug_asserts () in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -521,19 +509,17 @@ let ntt_with_debug_asserts <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 2 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -564,9 +550,9 @@ let ntt_with_debug_asserts Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. (coefficient_bound +! ((layer_number *! 3l <: i32) *! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS /! 2l <: i32) @@ -602,7 +588,7 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let zeta_i:usize = sz 0 in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -613,19 +599,17 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 128 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -649,7 +633,7 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -660,19 +644,17 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 64 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -696,7 +678,7 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -707,19 +689,17 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 32 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -743,7 +723,7 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -754,19 +734,17 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 16 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -790,7 +768,7 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -801,19 +779,17 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 8 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -837,7 +813,7 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -848,19 +824,17 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 4 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -884,7 +858,7 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -895,19 +869,17 @@ let ntt_representation (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingEl <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i +! sz 1 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = offset +! sz 2 <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let t:i32 = @@ -945,7 +917,7 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let zeta_i:usize = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -956,21 +928,19 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i -! sz 1 in let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in let v_end:usize = offset +! sz 2 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = v_end }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let a_minus_b:i32 = (re.[ j +! sz 2 <: usize ] <: i32) -! (re.[ j ] <: i32) in @@ -993,7 +963,7 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -1004,21 +974,19 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i -! sz 1 in let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in let v_end:usize = offset +! sz 4 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = v_end }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let a_minus_b:i32 = (re.[ j +! sz 4 <: usize ] <: i32) -! (re.[ j ] <: i32) in @@ -1041,7 +1009,7 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -1052,21 +1020,19 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i -! sz 1 in let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in let v_end:usize = offset +! sz 8 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = v_end }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let a_minus_b:i32 = (re.[ j +! sz 8 <: usize ] <: i32) -! (re.[ j ] <: i32) in @@ -1089,7 +1055,7 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -1100,21 +1066,19 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i -! sz 1 in let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in let v_end:usize = offset +! sz 16 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = v_end }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let a_minus_b:i32 = (re.[ j +! sz 16 <: usize ] <: i32) -! (re.[ j ] <: i32) in @@ -1137,7 +1101,7 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -1148,21 +1112,19 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i -! sz 1 in let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in let v_end:usize = offset +! sz 32 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = v_end }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let a_minus_b:i32 = (re.[ j +! sz 32 <: usize ] <: i32) -! (re.[ j ] <: i32) in @@ -1185,7 +1147,7 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -1196,21 +1158,19 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i -! sz 1 in let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in let v_end:usize = offset +! sz 64 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = v_end }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let a_minus_b:i32 = (re.[ j +! sz 64 <: usize ] <: i32) -! (re.[ j ] <: i32) in @@ -1233,7 +1193,7 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin re, zeta_i) in let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end 
@@ -1244,21 +1204,19 @@ let invert_ntt_montgomery (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRin <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) (re, zeta_i) (fun (re, zeta_i) offset -> let zeta_i:usize = zeta_i -! sz 1 in let zeta_i_value:i32 = v_ZETAS_MONTGOMERY_DOMAIN.[ zeta_i ] in let v_end:usize = offset +! sz 128 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = offset; Core.Ops.Range.f_end = v_end }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> let a_minus_b:i32 = (re.[ j +! sz 128 <: usize ] <: i32) -! (re.[ j ] <: i32) in @@ -1312,7 +1270,7 @@ let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRing let _, out:(Core.Array.Iter.t_IntoIter i32 (sz 256) & bool) = Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter left <: - (Libcrux.Kem.Kyber.Arithmetic.impl_2).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> (coefficient >=. 0l <: bool) && (coefficient <. 4096l <: bool)) in let _:Prims.unit = @@ -1331,7 +1289,7 @@ let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRing let _, out:(Core.Array.Iter.t_IntoIter i32 (sz 256) & bool) = Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter right <: - (Libcrux.Kem.Kyber.Arithmetic.impl_2).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> (coefficient >. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) 
@@ -1350,10 +1308,10 @@ let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRing () in let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let out:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT @@ -1362,9 +1320,7 @@ let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRing <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range usize)) out (fun out i -> let product:(i32 & i32) = @@ -1404,7 +1360,7 @@ let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRing let _, out:(Core.Array.Iter.t_IntoIter i32 (sz 256) & bool) = Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter out <: - (Libcrux.Kem.Kyber.Arithmetic.impl_2).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> (coefficient >. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) 
@@ -1427,35 +1383,31 @@ let ntt_multiply (left right: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRing let multiply_row_by_column_montgomery (#v_K: usize) (row_vector column_vector: - array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let result:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in - let result = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_zip + let result:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_zip (Core.Slice.impl__iter (Rust_primitives.unsize row_vector <: - slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) + t_Slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) (Core.Slice.impl__iter (Rust_primitives.unsize column_vector <: - slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) + t_Slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Iter.Adapters.Zip.t_Zip (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - (Core.Iter.Traits.Collect.impl - (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) - .f_IntoIter) + (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Zip.t_Zip - (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - (Core.Slice.Iter.t_Iter 
Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement))) - .f_IntoIter) + Core.Iter.Adapters.Zip.t_Zip + (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) + (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) result (fun result (row_element, column_element) -> result +! @@ -1463,7 +1415,7 @@ let multiply_row_by_column_montgomery <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - (Libcrux.Kem.Kyber.Arithmetic.impl_3).f_Output) + Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in let result:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { 
@@ -1478,37 +1430,36 @@ let multiply_row_by_column_montgomery let multiply_matrix_by_column_montgomery (#v_K: usize) - (matrix: array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K) - (vector: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) - : array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + (matrix: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K) + (vector: t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + : t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__iter (Rust_primitives.unsize matrix <: - slice (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) + t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: Core.Slice.Iter.t_Iter - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) <: - 
(Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) result (fun result (i, row) -> - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__iter (Rust_primitives.unsize row <: - slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) + t_Slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) 
@@ -1517,28 +1468,25 @@ let multiply_matrix_by_column_montgomery (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) result (fun result (j, matrix_element) -> let product:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = ntt_multiply matrix_element (vector.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at result i ((result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! product <: - (Libcrux.Kem.Kyber.Arithmetic.impl_3).f_Output) + Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in result) in - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at result i ({ @@ -1551,7 +1499,7 @@ let multiply_matrix_by_column_montgomery .Libcrux.Kem.Kyber.Arithmetic.f_coefficients Libcrux.Kem.Kyber.Arithmetic.barrett_reduce <: - array i32 (sz 256) + t_Array i32 (sz 256) }) in result) 
@@ -1560,37 +1508,37 @@ let multiply_matrix_by_column_montgomery let compute_As_plus_e (#v_K: usize) - (matrix_A: array (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K) - (s_as_ntt error_as_ntt: array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) - : array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__ZERO v_K + (matrix_A: + t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K) + (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) + : t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO + v_K in - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__iter (Rust_primitives.unsize matrix_A <: - slice (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) + t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: Core.Slice.Iter.t_Iter - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) <: 
- (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K)))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K))) result (fun result (i, row) -> - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__iter (Rust_primitives.unsize row <: - slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) + t_Slice Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) 
@@ -1599,24 +1547,21 @@ let compute_As_plus_e (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement)) result (fun result (j, matrix_element) -> let product:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = ntt_multiply matrix_element (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in - let result:array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = + let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.update_at result i ((result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) +! product <: - (Libcrux.Kem.Kyber.Arithmetic.impl_3).f_Output) + Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) in result) in @@ -1628,9 +1573,9 @@ let compute_As_plus_e <: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) <: - (Libcrux.Kem.Kyber.Arithmetic.impl_2).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> - (Core.Num.impl_2__abs coefficient <: i32) <. + (Core.Num.impl__i32__abs coefficient <: i32) <. ((cast v_K <: i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: bool) @@ -1645,7 +1590,7 @@ let compute_As_plus_e in () in - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = 
@@ -1654,12 +1599,12 @@ let compute_As_plus_e Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - slice i32) + t_Slice i32) <: usize }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) result (fun result j -> let coefficient_normal_form:i32 = diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst index ec540b1e8..509ef2a01 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst 
@@ -2,23 +2,23 @@ module Libcrux.Kem.Kyber.Sampling #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: array u8 v_SEED_SIZE) +let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: t_Array u8 v_SEED_SIZE) : (Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & - Core.Option.t_Option Libcrux.Kem.Kyber.t_BadRejectionSamplingRandomnessError) = + Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = let (sampled_coefficients: usize):usize = sz 0 in let (out: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & usize) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks - (Rust_primitives.unsize randomness <: slice u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks ( + Rust_primitives.unsize randomness <: t_Slice u8) (sz 3) <: Core.Slice.Iter.t_Chunks u8) <: - (Core.Iter.Traits.Collect.impl (Core.Slice.Iter.t_Chunks u8)).f_IntoIter) + Core.Slice.Iter.t_Chunks u8) (out, sampled_coefficients) (fun (out, sampled_coefficients) bytes -> let b1:i32 = cast bytes.[ sz 0 ] <: i32 in @@ -53,7 +53,7 @@ let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: array u8 in if sampled_coefficients =. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT then - let* hoist4:Rust_primitives.Hax.t_Never = + let* hoist1:Rust_primitives.Hax.t_Never = Core.Ops.Control_flow.ControlFlow.v_Break (out, Core.Option.Option_None) in Core.Ops.Control_flow.ControlFlow_Continue (out, sampled_coefficients) 
@@ -66,7 +66,7 @@ let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: array u8 Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter out .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> (coefficient >=. 0l <: bool) && (coefficient <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: bool)) @@ -81,23 +81,21 @@ let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: array u8 in () in - out, Core.Option.Option_Some Libcrux.Kem.Kyber.BadRejectionSamplingRandomnessError + out, Core.Option.Option_Some Libcrux.Kem.Kyber.Error_RejectionSampling -let sample_from_binomial_distribution_2_ (randomness: slice u8) +let sample_from_binomial_distribution_2_ (randomness: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let sampled:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) sampled (fun sampled (chunk_number, byte_chunk) -> let (random_bits_as_u32: u32):u32 = 
@@ -113,15 +111,16 @@ let sample_from_binomial_distribution_2_ (randomness: slice u8) let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by - ({ Core.Ops.Range.f_start = 0ul; Core.Ops.Range.f_end = Core.Num.impl_8__BITS }) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + ({ + Core.Ops.Range.f_start = 0ul; + Core.Ops.Range.f_end = Core.Num.impl__u32__BITS + }) (sz 4) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) sampled (fun sampled outcome_set -> let outcome_1_:i32 = @@ -145,7 +144,7 @@ let sample_from_binomial_distribution_2_ (randomness: slice u8) Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter sampled .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> (coefficient >=. (-2l) <: bool) && (coefficient <=. 2l <: bool)) in let _:Prims.unit = 
@@ -160,21 +159,19 @@ let sample_from_binomial_distribution_2_ (randomness: slice u8) in sampled -let sample_from_binomial_distribution_3_ (randomness: slice u8) +let sample_from_binomial_distribution_3_ (randomness: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let sampled:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) sampled (fun sampled (chunk_number, byte_chunk) -> let (random_bits_as_u24: u32):u32 = 
@@ -188,15 +185,13 @@ let sample_from_binomial_distribution_3_ (randomness: slice u8) let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l }) (sz 6) <: Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32))) - .f_IntoIter) + Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) sampled (fun sampled outcome_set -> let outcome_1_:i32 = @@ -220,7 +215,7 @@ let sample_from_binomial_distribution_3_ (randomness: slice u8) Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter sampled .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> (coefficient >=. (-3l) <: bool) && (coefficient <=. 3l <: bool)) in let _:Prims.unit = @@ -235,7 +230,7 @@ let sample_from_binomial_distribution_3_ (randomness: slice u8) in sampled -let sample_from_binomial_distribution (#v_ETA: usize) (randomness: slice u8) +let sample_from_binomial_distribution (#v_ETA: usize) (randomness: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let _:Prims.unit = if true 
@@ -264,14 +259,14 @@ let sample_from_binomial_distribution (#v_ETA: usize) (randomness: slice u8) FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) <: - slice string) + t_Slice string) (Rust_primitives.unsize (let list = [Core.Fmt.Rt.impl_1__new_display v_ETA <: Core.Fmt.Rt.t_Argument] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) <: - slice Core.Fmt.Rt.t_Argument) + t_Slice Core.Fmt.Rt.t_Argument) <: Core.Fmt.t_Arguments) <: diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst index 346e4331d..5c8503199 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Serialize.fst 
@@ -3,33 +3,29 @@ module Libcrux.Kem.Kyber.Serialize open Core let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - : array u8 (sz 32) = - let serialized:array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let serialized:array u8 (sz 32) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + : t_Array u8 (sz 32) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let serialized:t_Array u8 (sz 32) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - slice i32) + t_Slice i32) (sz 8) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) serialized (fun serialized (i, coefficients) -> - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) serialized (fun serialized (j, coefficient) -> let coefficient:u16 = 
@@ -59,39 +55,35 @@ let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPol <: u8)) <: - array u8 (sz 32)) + t_Array u8 (sz 32)) in serialized -let deserialize_then_decompress_message (serialized: array u8 (sz 32)) +let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize serialized <: slice u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + (Core.Slice.impl__iter (Rust_primitives.unsize serialized <: t_Slice u8) <: Core.Slice.Iter.t_Iter u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) re (fun re (i, byte) -> - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 }) <: - (Core.Iter.Traits.Collect.impl (Core.Ops.Range.t_Range usize)).f_IntoIter) + Core.Ops.Range.t_Range usize) re (fun re j -> - let coefficient_compressed:i32 = - cast ((byte >>! j <: (Core.Ops.Bit.impl_780).f_Output) &. 1uy) <: i32 - in + let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy) <: i32 in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = { re with 
@@ -111,28 +103,26 @@ let deserialize_then_decompress_message (serialized: array u8 (sz 32)) let serialize_little_endian_4_ (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - : array u8 v_OUT_LEN = - let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + : t_Array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - slice i32) + t_Slice i32) (sz 2) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) serialized (fun serialized (i, chunk) -> let coefficient1:u8 = cast chunk.[ sz 0 ] <: u8 in let coefficient2:u8 = cast chunk.[ sz 1 ] <: u8 in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized i ((coefficient2 < let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = @@ -185,7 +173,7 @@ let deserialize_little_endian_4_ (serialized: slice u8) = Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 2 *! i <: usize) - (cast (byte &. 15uy <: (Core.Ops.Bit.impl_46).f_Output) <: i32) + (cast (byte &. 15uy <: u8) <: i32) } in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = 
@@ -195,7 +183,7 @@ let deserialize_little_endian_4_ (serialized: slice u8) = Rust_primitives.Hax.update_at re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 2 *! i <: usize) +! sz 1 <: usize) - (cast ((byte >>! 4l <: (Core.Ops.Bit.impl_792).f_Output) &. 15uy <: u8) <: i32) + (cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32) } in re) @@ -205,23 +193,21 @@ let deserialize_little_endian_4_ (serialized: slice u8) let serialize_little_endian_5_ (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - : array u8 v_OUT_LEN = - let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + : t_Array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - slice i32) + t_Slice i32) (sz 8) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) serialized (fun serialized (i, coefficients) -> let coefficient1:u8 = cast coefficients.[ sz 0 ] <: u8 in 
@@ -232,12 +218,12 @@ let serialize_little_endian_5_ let coefficient6:u8 = cast coefficients.[ sz 5 ] <: u8 in let coefficient7:u8 = cast coefficients.[ sz 6 ] <: u8 in let coefficient8:u8 = cast coefficients.[ sz 7 ] <: u8 in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized (sz 5 *! i <: usize) (((coefficient2 &. 7uy <: u8) <>! 1l <: u8) <: u8) in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized ((sz 5 *! i <: usize) +! sz 3 <: usize) ((((coefficient7 &. 3uy <: u8) <>! 2l <: u8) <: u8) @@ -267,7 +253,7 @@ let serialize_little_endian_5_ in serialized -let deserialize_little_endian_5_ (serialized: slice u8) +let deserialize_little_endian_5_ (serialized: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let _:Prims.unit = if true @@ -291,17 +277,15 @@ let deserialize_little_endian_5_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) re (fun re (i, bytes) -> let byte1:i32 = cast bytes.[ sz 0 ] <: i32 in 
@@ -396,35 +380,33 @@ let deserialize_little_endian_5_ (serialized: slice u8) let serialize_little_endian_10_ (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - : array u8 v_OUT_LEN = - let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + : t_Array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - slice i32) + t_Slice i32) (sz 4) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) serialized (fun serialized (i, chunk) -> let coefficient1:i32 = chunk.[ sz 0 ] in let coefficient2:i32 = chunk.[ sz 1 ] in let coefficient3:i32 = chunk.[ sz 2 ] in let coefficient4:i32 = chunk.[ sz 3 ] in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized (sz 5 *! i <: usize) (cast (coefficient1 &. 255l <: i32) <: u8) in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized ((sz 5 *! i <: usize) +! sz 1 <: usize) (((cast (coefficient2 &. 63l <: i32) <: u8) <>! 2l <: i32) &. 255l <: i32) <: u8) 
@@ -457,7 +439,7 @@ let serialize_little_endian_10_ in serialized -let deserialize_little_endian_10_ (serialized: slice u8) +let deserialize_little_endian_10_ (serialized: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let _:Prims.unit = if true @@ -481,17 +463,15 @@ let deserialize_little_endian_10_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) re (fun re (i, bytes) -> let byte1:i32 = cast bytes.[ sz 0 ] <: i32 in 
@@ -546,23 +526,21 @@ let deserialize_little_endian_10_ (serialized: slice u8) let serialize_little_endian_11_ (#v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - : array u8 v_OUT_LEN = - let serialized:array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let serialized:array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + : t_Array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - slice i32) + t_Slice i32) (sz 8) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) serialized (fun serialized (i, coefficients) -> let coefficient1:i32 = coefficients.[ sz 0 ] in 
@@ -573,10 +551,10 @@ let serialize_little_endian_11_ let coefficient6:i32 = coefficients.[ sz 5 ] in let coefficient7:i32 = coefficients.[ sz 6 ] in let coefficient8:i32 = coefficients.[ sz 7 ] in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized (sz 11 *! i <: usize) (cast coefficient1 <: u8) in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized ((sz 11 *! i <: usize) +! sz 1 <: usize) (((cast (coefficient2 &. 31l <: i32) <: u8) <>! 2l <: i32) &. 255l <: i32) <: u8) in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized ((sz 11 *! i <: usize) +! sz 4 <: usize) (((cast (coefficient4 &. 127l <: i32) <: u8) <>! 1l <: i32) &. 255l <: i32) <: u8) in - let serialized:array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.update_at serialized ((sz 11 *! i <: usize) +! sz 8 <: usize) (((cast (coefficient7 &. 63l <: i32) <: u8) <>! 3l <: i32) <: u8) @@ -651,7 +629,7 @@ let serialize_little_endian_11_ in serialized -let deserialize_little_endian_11_ (serialized: slice u8) +let deserialize_little_endian_11_ (serialized: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let _:Prims.unit = if true 
@@ -675,17 +653,15 @@ let deserialize_little_endian_11_ (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) re (fun re (i, bytes) -> let byte1:i32 = cast bytes.[ sz 0 ] <: i32 in @@ -791,7 +767,7 @@ let deserialize_little_endian_11_ (serialized: slice u8) let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - : array u8 (sz 384) = + : t_Array u8 (sz 384) = let _:Prims.unit = if true then @@ -799,7 +775,7 @@ let serialize_uncompressed_ring_element Core.Iter.Traits.Iterator.f_all (Core.Iter.Traits.Collect.f_into_iter re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - (Core.Array.Iter.impl i32 (sz 256)).f_IntoIter) + Core.Array.Iter.t_IntoIter i32 (sz 256)) (fun coefficient -> (coefficient >=. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) 
@@ -817,22 +793,20 @@ let serialize_uncompressed_ring_element in () in - let serialized:array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in - let serialized:array u8 (sz 384) = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in + let serialized:t_Array u8 (sz 384) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients <: - slice i32) + t_Slice i32) (sz 2) <: Core.Slice.Iter.t_ChunksExact i32) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) serialized (fun serialized (i, chunks) -> let coefficient1:u16 = @@ -841,12 +815,12 @@ let serialize_uncompressed_ring_element let coefficient2:u16 = Libcrux.Kem.Kyber.Conversions.to_unsigned_representative (chunks.[ sz 1 ] <: i32) in - let serialized:array u8 (sz 384) = + let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.update_at serialized (sz 3 *! i <: usize) (cast (coefficient1 &. 255us <: u16) <: u8) in - let serialized:array u8 (sz 384) = + let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.update_at serialized ((sz 3 *! i <: usize) +! sz 1 <: usize) (cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8) 
@@ -864,7 +838,7 @@ let serialize_uncompressed_ring_element in serialized -let deserialize_to_uncompressed_ring_element (serialized: slice u8) +let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let _:Prims.unit = if true @@ -887,17 +861,15 @@ let deserialize_to_uncompressed_ring_element (serialized: slice u8) () in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__ZERO + Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO in let re:Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = - Core.Iter.Traits.Iterator.Iterator.fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: - (Core.Iter.Traits.Collect.impl - (Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))) - .f_IntoIter) + Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) re (fun re (i, bytes) -> let byte1:i32 = cast bytes.[ sz 0 ] <: i32 in @@ -930,7 +902,7 @@ let deserialize_to_uncompressed_ring_element (serialized: slice u8) let serialize_little_endian (#v_COMPRESSION_FACTOR #v_OUT_LEN: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement) - : array u8 v_OUT_LEN = + : t_Array u8 v_OUT_LEN = let _:Prims.unit = if true then @@ -951,7 +923,7 @@ let serialize_little_endian FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list list) <: - slice string) + t_Slice string) (Rust_primitives.unsize (let list = [ Core.Fmt.Rt.impl_1__new_display ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! 
@@ -969,7 +941,7 @@ let serialize_little_endian FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list list) <: - slice Core.Fmt.Rt.t_Argument) + t_Slice Core.Fmt.Rt.t_Argument) <: Core.Fmt.t_Arguments) <: @@ -988,7 +960,7 @@ let serialize_little_endian FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) <: - slice string) + t_Slice string) (Rust_primitives.unsize (let list = [ Core.Fmt.Rt.impl_1__new_display v_COMPRESSION_FACTOR @@ -999,13 +971,13 @@ let serialize_little_endian FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) <: - slice Core.Fmt.Rt.t_Argument) + t_Slice Core.Fmt.Rt.t_Argument) <: Core.Fmt.t_Arguments) <: Rust_primitives.Hax.t_Never) -let deserialize_little_endian (#v_COMPRESSION_FACTOR: usize) (serialized: slice u8) +let deserialize_little_endian (#v_COMPRESSION_FACTOR: usize) (serialized: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = let _:Prims.unit = if true @@ -1042,7 +1014,7 @@ let deserialize_little_endian (#v_COMPRESSION_FACTOR: usize) (serialized: slice FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) <: - slice string) + t_Slice string) (Rust_primitives.unsize (let list = [ Core.Fmt.Rt.impl_1__new_display v_COMPRESSION_FACTOR @@ -1053,7 +1025,7 @@ let deserialize_little_endian (#v_COMPRESSION_FACTOR: usize) (serialized: slice FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); Rust_primitives.Hax.array_of_list list) <: - slice Core.Fmt.Rt.t_Argument) + t_Slice Core.Fmt.Rt.t_Argument) <: Core.Fmt.t_Arguments) <: diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst index f1b4d90aa..93247aabe 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst 
@@ -2,39 +2,511 @@ module Libcrux.Kem.Kyber.Types #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -let impl__new - (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) - (sk: array u8 v_PRIVATE_KEY_SIZE) - (pk: array u8 v_PUBLIC_KEY_SIZE) - : Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = +type t_KyberCiphertext (#v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + +let impl_1 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberCiphertext v_SIZE) (t_Slice u8) = + { + f_as_ref + = + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value + } + +let impl_2 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (t_Array u8 v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_Array u8 v_SIZE) -> { f_value = value } } + +let impl_3 (#v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberCiphertext v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_KyberCiphertext v_SIZE) -> value.f_value } + +let impl_4 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberCiphertext v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from + = + fun (#v_SIZE: usize) (value: t_Slice u8) -> + Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist3:t_Array u8 v_SIZE = + match + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value + <: + Core.Result.t_Result (t_Array u8 v_SIZE) Core.Array.t_TryFromSliceError) + with + | Core.Ops.Control_flow.ControlFlow_Break residual -> + let* hoist2:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + + <: + Core.Result.t_Result (t_KyberCiphertext v_SIZE) Core.Array.t_TryFromSliceError) + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist2) + | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + Core.Ops.Control_flow.ControlFlow_Continue v_val + in + Core.Ops.Control_flow.ControlFlow_Continue + (let hoist4:t_KyberCiphertext 
v_SIZE = { f_value = hoist3 } in + Core.Result.Result_Ok hoist4)) + } + +let impl_5 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) usize = + { + f_Output = u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (index: usize) -> self.f_value.[ index ] + } + +let impl_6 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] + } + +let impl_7 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> + self.f_value.[ range ] + } + +let impl_8 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index + = + fun + (#v_SIZE: usize) + (self: t_KyberCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.f_value.[ range ] + } + +let impl_9__as_slice (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : t_Array u8 v_SIZE = + self.f_value + +let impl_9__split_at (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) + : (t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + +let impl_9__len (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE + +type t_KyberSharedSecret (#v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + +let impl_10 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberSharedSecret v_SIZE) (t_Slice u8) = + { + f_as_ref + = + fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) -> Rust_primitives.unsize self.f_value + } + +let impl_11 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberSharedSecret v_SIZE) (t_Array u8 v_SIZE) = + { f_from = fun 
(#v_SIZE: usize) (value: t_Array u8 v_SIZE) -> { f_value = value } } + +let impl_12 (#v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberSharedSecret v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_KyberSharedSecret v_SIZE) -> value.f_value } + +let impl_13 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberSharedSecret v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from + = + fun (#v_SIZE: usize) (value: t_Slice u8) -> + Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist6:t_Array u8 v_SIZE = + match + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value + <: + Core.Result.t_Result (t_Array u8 v_SIZE) Core.Array.t_TryFromSliceError) + with + | Core.Ops.Control_flow.ControlFlow_Break residual -> + let* hoist5:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + + <: + Core.Result.t_Result (t_KyberSharedSecret v_SIZE) Core.Array.t_TryFromSliceError + ) + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist5) + | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + Core.Ops.Control_flow.ControlFlow_Continue v_val + in + Core.Ops.Control_flow.ControlFlow_Continue + (let hoist7:t_KyberSharedSecret v_SIZE = { f_value = hoist6 } in + Core.Result.Result_Ok hoist7)) + } + +let impl_14 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) usize = + { + f_Output = u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (index: usize) -> self.f_value.[ index ] + } + +let impl_15 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] + } + +let impl_16 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_RangeTo 
usize) = + { + f_Output = t_Slice u8; + f_index + = + fun + (#v_SIZE: usize) + (self: t_KyberSharedSecret v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.f_value.[ range ] + } + +let impl_17 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index + = + fun + (#v_SIZE: usize) + (self: t_KyberSharedSecret v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.f_value.[ range ] + } + +let impl_18__as_slice (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) : t_Array u8 v_SIZE = + self.f_value + +let impl_18__split_at (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (mid: usize) + : (t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + +let impl_18__len (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) : usize = v_SIZE + +type t_KyberPrivateKey (#v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + +let impl_19 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPrivateKey v_SIZE) (t_Slice u8) = + { + f_as_ref + = + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value + } + +let impl_20 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (t_Array u8 v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_Array u8 v_SIZE) -> { f_value = value } } + +let impl_21 (#v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberPrivateKey v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_KyberPrivateKey v_SIZE) -> value.f_value } + +let impl_22 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPrivateKey v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from + = + fun (#v_SIZE: usize) (value: t_Slice u8) -> + Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist9:t_Array u8 v_SIZE = + match + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value + <: + Core.Result.t_Result (t_Array u8 v_SIZE) 
Core.Array.t_TryFromSliceError) + with + | Core.Ops.Control_flow.ControlFlow_Break residual -> + let* hoist8:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + + <: + Core.Result.t_Result (t_KyberPrivateKey v_SIZE) Core.Array.t_TryFromSliceError) + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist8) + | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + Core.Ops.Control_flow.ControlFlow_Continue v_val + in + Core.Ops.Control_flow.ControlFlow_Continue + (let hoist10:t_KyberPrivateKey v_SIZE = { f_value = hoist9 } in + Core.Result.Result_Ok hoist10)) + } + +let impl_23 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) usize = + { + f_Output = u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (index: usize) -> self.f_value.[ index ] + } + +let impl_24 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] + } + +let impl_25 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> + self.f_value.[ range ] + } + +let impl_26 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index + = + fun + (#v_SIZE: usize) + (self: t_KyberPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.f_value.[ range ] + } + +let impl_27__as_slice (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : t_Array u8 v_SIZE = + self.f_value + +let impl_27__split_at (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) + : (t_Slice u8 & 
t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + +let impl_27__len (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE + +type t_KyberPublicKey (#v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + +let impl_28 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPublicKey v_SIZE) (t_Slice u8) = + { + f_as_ref + = + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value + } + +let impl_29 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (t_Array u8 v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_Array u8 v_SIZE) -> { f_value = value } } + +let impl_30 (#v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberPublicKey v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_KyberPublicKey v_SIZE) -> value.f_value } + +let impl_31 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPublicKey v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from + = + fun (#v_SIZE: usize) (value: t_Slice u8) -> + Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist12:t_Array u8 v_SIZE = + match + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value + <: + Core.Result.t_Result (t_Array u8 v_SIZE) Core.Array.t_TryFromSliceError) + with + | Core.Ops.Control_flow.ControlFlow_Break residual -> + let* hoist11:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + + <: + Core.Result.t_Result (t_KyberPublicKey v_SIZE) Core.Array.t_TryFromSliceError) + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist11) + | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + Core.Ops.Control_flow.ControlFlow_Continue v_val + in + Core.Ops.Control_flow.ControlFlow_Continue + (let hoist13:t_KyberPublicKey v_SIZE = { f_value = hoist12 } in + Core.Result.Result_Ok hoist13)) + } + +let impl_32 (#v_SIZE: usize) : Core.Ops.Index.t_Index 
(t_KyberPublicKey v_SIZE) usize = + { + f_Output = u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (index: usize) -> self.f_value.[ index ] + } + +let impl_33 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] + } + +let impl_34 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> + self.f_value.[ range ] + } + +let impl_35 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = { - Libcrux.Kem.Kyber.f_sk = Core.Convert.f_into sk; - Libcrux.Kem.Kyber.f_pk = Core.Convert.f_into pk + f_Output = t_Slice u8; + f_index + = + fun + (#v_SIZE: usize) + (self: t_KyberPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.f_value.[ range ] } +let impl_36__as_slice (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : t_Array u8 v_SIZE = + self.f_value + +let impl_36__split_at (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) + : (t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + +let impl_36__len (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE + +type t_PrivateKey (#v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + +let impl_37 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_PrivateKey v_SIZE) (t_Slice u8) = + { + f_as_ref + = + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value + } + +let impl_38 (#v_SIZE: usize) : Core.Convert.t_From (t_PrivateKey v_SIZE) (t_Array u8 v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_Array u8 v_SIZE) -> { f_value = value } 
} + +let impl_39 (#v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_PrivateKey v_SIZE) = + { f_from = fun (#v_SIZE: usize) (value: t_PrivateKey v_SIZE) -> value.f_value } + +let impl_40 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_PrivateKey v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from + = + fun (#v_SIZE: usize) (value: t_Slice u8) -> + Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist15:t_Array u8 v_SIZE = + match + Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value + <: + Core.Result.t_Result (t_Array u8 v_SIZE) Core.Array.t_TryFromSliceError) + with + | Core.Ops.Control_flow.ControlFlow_Break residual -> + let* hoist14:Rust_primitives.Hax.t_Never = + Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual + + <: + Core.Result.t_Result (t_PrivateKey v_SIZE) Core.Array.t_TryFromSliceError) + in + Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist14) + | Core.Ops.Control_flow.ControlFlow_Continue v_val -> + Core.Ops.Control_flow.ControlFlow_Continue v_val + in + Core.Ops.Control_flow.ControlFlow_Continue + (let hoist16:t_PrivateKey v_SIZE = { f_value = hoist15 } in + Core.Result.Result_Ok hoist16)) + } + +let impl_41 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) usize = + { + f_Output = u8; + f_index + = + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (index: usize) -> self.f_value.[ index ] + } + +let impl_42 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> + self.f_value.[ range ] + } + +let impl_43 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo 
usize) -> + self.f_value.[ range ] + } + +let impl_44 (#v_SIZE: usize) + : Core.Ops.Index.t_Index (t_PrivateKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index + = + fun (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeFrom usize) -> + self.f_value.[ range ] + } + +let impl_45__as_slice (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) : t_Array u8 v_SIZE = + self.f_value + +let impl_45__split_at (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) (mid: usize) + : (t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + +let impl_45__len (#v_SIZE: usize) (self: t_PrivateKey v_SIZE) : usize = v_SIZE + +type t_KyberKeyPair (#v_PRIVATE_KEY_SIZE: usize) (#v_PUBLIC_KEY_SIZE: usize) = { + f_sk:t_KyberPrivateKey v_PRIVATE_KEY_SIZE; + f_pk:t_KyberPublicKey v_PUBLIC_KEY_SIZE +} + +let impl__new + (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) + (sk: t_Array u8 v_PRIVATE_KEY_SIZE) + (pk: t_Array u8 v_PUBLIC_KEY_SIZE) + : t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = + { f_sk = Core.Convert.f_into sk; f_pk = Core.Convert.f_into pk } + let impl__from (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) - (sk: Libcrux.Kem.Kyber.t_KyberPrivateKey v_PRIVATE_KEY_SIZE) - (pk: Libcrux.Kem.Kyber.t_KyberPublicKey v_PUBLIC_KEY_SIZE) - : Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = - { Libcrux.Kem.Kyber.f_sk = sk; Libcrux.Kem.Kyber.f_pk = pk } + (sk: t_KyberPrivateKey v_PRIVATE_KEY_SIZE) + (pk: t_KyberPublicKey v_PUBLIC_KEY_SIZE) + : t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = { f_sk = sk; f_pk = pk } let impl__public_key (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) - (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : Libcrux.Kem.Kyber.t_KyberPublicKey v_PUBLIC_KEY_SIZE = self.Libcrux.Kem.Kyber.f_pk + (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + : t_KyberPublicKey v_PUBLIC_KEY_SIZE = 
self.f_pk let impl__private_key (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) - (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : Libcrux.Kem.Kyber.t_KyberPrivateKey v_PRIVATE_KEY_SIZE = self.Libcrux.Kem.Kyber.f_sk + (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + : t_KyberPrivateKey v_PRIVATE_KEY_SIZE = self.f_sk let impl__pk (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) - (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : array u8 v_PUBLIC_KEY_SIZE = Libcrux.Kem.Kyber.impl_35__as_slice self.Libcrux.Kem.Kyber.f_pk + (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + : t_Array u8 v_PUBLIC_KEY_SIZE = impl_36__as_slice self.f_pk let impl__sk (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) - (self: Libcrux.Kem.Kyber.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : array u8 v_PRIVATE_KEY_SIZE = Libcrux.Kem.Kyber.impl_26__as_slice self.Libcrux.Kem.Kyber.f_sk \ No newline at end of file + (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + : t_Array u8 v_PRIVATE_KEY_SIZE = impl_27__as_slice self.f_sk \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst index 37ea1b85b..c948cf89f 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst 
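Review bot: `t_PrivateKey` (impl_37 through impl_45) is structurally identical to `t_KyberPrivateKey` (impl_19 through impl_27) — both are `{ f_value:t_Array u8 v_SIZE }` with the same AsRef/From/TryFrom/Index/`as_slice`/`split_at`/`len` surface — and nothing in this hunk uses `t_PrivateKey`, while `t_KyberKeyPair` holds a `t_KyberPrivateKey`. Since this file is a hax extraction, the duplicate presumably comes from a second macro invocation in `src/kem/kyber/types.rs` (not in view), and that is where either a doc comment stating which of the two is the public key-material type, or removal of the unused one, belongs. Separately, the private-key and shared-secret wrappers expose exactly the same byte-level accessors (`f_index`, `impl_18__split_at`, `impl_27__as_slice`) as the ciphertext and public-key wrappers, so nothing at the type level marks them as secret-bearing; a short comment on the Rust types saying that `KyberPrivateKey`/`KyberSharedSecret` hold secret material and must not be compared with non-constant-time equality or printed would help reviewers, and if zeroization on drop is intended it is not visible in this extraction.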
@@ -2,398 +2,7 @@ module Libcrux.Kem.Kyber #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -type t_KyberCiphertext (#v_SIZE: usize) = { f_value:array u8 v_SIZE } - -let impl (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberCiphertext v_SIZE) (slice u8) = - { - f_impl__as_ref - = - fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value - } - -let impl_1 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (array u8 v_SIZE) = - { f_impl_1__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } - -let impl_2 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberCiphertext v_SIZE) = - { f_impl_2__from = fun (#v_SIZE: usize) (value: t_KyberCiphertext v_SIZE) -> value.f_value } - -let impl_3 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberCiphertext v_SIZE) (slice u8) = - { - f_impl_3__Error = Core.Array.t_TryFromSliceError; - f_impl_3__try_from - = - fun (#v_SIZE: usize) (value: slice u8) -> - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist6:array u8 v_SIZE = - match - Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value - <: - Core.Result.t_Result (array u8 v_SIZE) - (Core.Convert.impl_6 (slice u8) (array u8 v_SIZE)).f_Error) - with - | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist5:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual - - <: - Core.Result.t_Result (t_KyberCiphertext v_SIZE) Core.Array.t_TryFromSliceError) - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist5) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> - Core.Ops.Control_flow.ControlFlow_Continue v_val - in - Core.Ops.Control_flow.ControlFlow_Continue - (let hoist7:t_KyberCiphertext v_SIZE = { f_value = hoist6 } in - Core.Result.Result_Ok hoist7)) - } - -let impl_4 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) usize = - { - 
f_impl_4__Output = u8; - f_impl_4__index - = - fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (index: usize) -> self.f_value.[ index ] - } - -let impl_5 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_Range usize) = - { - f_impl_5__Output = slice u8; - f_impl_5__index - = - fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.f_value.[ range ] - } - -let impl_6 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_RangeTo usize) = - { - f_impl_6__Output = slice u8; - f_impl_6__index - = - fun (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.f_value.[ range ] - } - -let impl_7 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberCiphertext v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = - { - f_impl_7__Output = slice u8; - f_impl_7__index - = - fun - (#v_SIZE: usize) - (self: t_KyberCiphertext v_SIZE) - (range: Core.Ops.Range.t_RangeFrom usize) - -> - self.f_value.[ range ] - } - -let impl_8__as_slice (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : array u8 v_SIZE = - self.f_value - -let impl_8__split_at (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) - : (slice u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid - -let impl_8__len (#v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE - -type t_KyberSharedSecret (#v_SIZE: usize) = { f_value:array u8 v_SIZE } - -let impl_9 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberSharedSecret v_SIZE) (slice u8) = - { - f_impl_9__as_ref - = - fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) -> Rust_primitives.unsize self.f_value - } - -let impl_10 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberSharedSecret v_SIZE) (array u8 v_SIZE) = - { f_impl_10__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } - -let impl_11 (#v_SIZE: usize) : 
Core.Convert.t_From (array u8 v_SIZE) (t_KyberSharedSecret v_SIZE) = - { f_impl_11__from = fun (#v_SIZE: usize) (value: t_KyberSharedSecret v_SIZE) -> value.f_value } - -let impl_12 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberSharedSecret v_SIZE) (slice u8) = - { - f_impl_12__Error = Core.Array.t_TryFromSliceError; - f_impl_12__try_from - = - fun (#v_SIZE: usize) (value: slice u8) -> - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist9:array u8 v_SIZE = - match - Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value - <: - Core.Result.t_Result (array u8 v_SIZE) - (Core.Convert.impl_6 (slice u8) (array u8 v_SIZE)).f_Error) - with - | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist8:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual - - <: - Core.Result.t_Result (t_KyberSharedSecret v_SIZE) Core.Array.t_TryFromSliceError - ) - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist8) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> - Core.Ops.Control_flow.ControlFlow_Continue v_val - in - Core.Ops.Control_flow.ControlFlow_Continue - (let hoist10:t_KyberSharedSecret v_SIZE = { f_value = hoist9 } in - Core.Result.Result_Ok hoist10)) - } - -let impl_13 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) usize = - { - f_impl_13__Output = u8; - f_impl_13__index - = - fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (index: usize) -> self.f_value.[ index ] - } - -let impl_14 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_Range usize) = - { - f_impl_14__Output = slice u8; - f_impl_14__index - = - fun (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.f_value.[ range ] - } - -let impl_15 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_RangeTo usize) = - { - 
f_impl_15__Output = slice u8; - f_impl_15__index - = - fun - (#v_SIZE: usize) - (self: t_KyberSharedSecret v_SIZE) - (range: Core.Ops.Range.t_RangeTo usize) - -> - self.f_value.[ range ] - } - -let impl_16 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberSharedSecret v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = - { - f_impl_16__Output = slice u8; - f_impl_16__index - = - fun - (#v_SIZE: usize) - (self: t_KyberSharedSecret v_SIZE) - (range: Core.Ops.Range.t_RangeFrom usize) - -> - self.f_value.[ range ] - } - -let impl_17__as_slice (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) : array u8 v_SIZE = - self.f_value - -let impl_17__split_at (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) (mid: usize) - : (slice u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid - -let impl_17__len (#v_SIZE: usize) (self: t_KyberSharedSecret v_SIZE) : usize = v_SIZE - -type t_KyberPrivateKey (#v_SIZE: usize) = { f_value:array u8 v_SIZE } - -let impl_18 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPrivateKey v_SIZE) (slice u8) = - { - f_impl_18__as_ref - = - fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value - } - -let impl_19 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (array u8 v_SIZE) = - { f_impl_19__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } - -let impl_20 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberPrivateKey v_SIZE) = - { f_impl_20__from = fun (#v_SIZE: usize) (value: t_KyberPrivateKey v_SIZE) -> value.f_value } - -let impl_21 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPrivateKey v_SIZE) (slice u8) = - { - f_impl_21__Error = Core.Array.t_TryFromSliceError; - f_impl_21__try_from - = - fun (#v_SIZE: usize) (value: slice u8) -> - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist12:array u8 v_SIZE = - match - Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value - <: - 
Core.Result.t_Result (array u8 v_SIZE) - (Core.Convert.impl_6 (slice u8) (array u8 v_SIZE)).f_Error) - with - | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist11:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual - - <: - Core.Result.t_Result (t_KyberPrivateKey v_SIZE) Core.Array.t_TryFromSliceError) - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist11) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> - Core.Ops.Control_flow.ControlFlow_Continue v_val - in - Core.Ops.Control_flow.ControlFlow_Continue - (let hoist13:t_KyberPrivateKey v_SIZE = { f_value = hoist12 } in - Core.Result.Result_Ok hoist13)) - } - -let impl_22 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) usize = - { - f_impl_22__Output = u8; - f_impl_22__index - = - fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (index: usize) -> self.f_value.[ index ] - } - -let impl_23 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_Range usize) = - { - f_impl_23__Output = slice u8; - f_impl_23__index - = - fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.f_value.[ range ] - } - -let impl_24 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = - { - f_impl_24__Output = slice u8; - f_impl_24__index - = - fun (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.f_value.[ range ] - } - -let impl_25 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberPrivateKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = - { - f_impl_25__Output = slice u8; - f_impl_25__index - = - fun - (#v_SIZE: usize) - (self: t_KyberPrivateKey v_SIZE) - (range: Core.Ops.Range.t_RangeFrom usize) - -> - self.f_value.[ range ] - } - -let impl_26__as_slice (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : 
array u8 v_SIZE = - self.f_value - -let impl_26__split_at (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) - : (slice u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid - -let impl_26__len (#v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE - -type t_KyberPublicKey (#v_SIZE: usize) = { f_value:array u8 v_SIZE } - -let impl_27 (#v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPublicKey v_SIZE) (slice u8) = - { - f_impl_27__as_ref - = - fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value - } - -let impl_28 (#v_SIZE: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (array u8 v_SIZE) = - { f_impl_28__from = fun (#v_SIZE: usize) (value: array u8 v_SIZE) -> { f_value = value } } - -let impl_29 (#v_SIZE: usize) : Core.Convert.t_From (array u8 v_SIZE) (t_KyberPublicKey v_SIZE) = - { f_impl_29__from = fun (#v_SIZE: usize) (value: t_KyberPublicKey v_SIZE) -> value.f_value } - -let impl_30 (#v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPublicKey v_SIZE) (slice u8) = - { - f_impl_30__Error = Core.Array.t_TryFromSliceError; - f_impl_30__try_from - = - fun (#v_SIZE: usize) (value: slice u8) -> - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let* hoist15:array u8 v_SIZE = - match - Core.Ops.Try_trait.f_branch (Core.Convert.f_try_into value - <: - Core.Result.t_Result (array u8 v_SIZE) - (Core.Convert.impl_6 (slice u8) (array u8 v_SIZE)).f_Error) - with - | Core.Ops.Control_flow.ControlFlow_Break residual -> - let* hoist14:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow.v_Break (Core.Ops.Try_trait.f_from_residual residual - - <: - Core.Result.t_Result (t_KyberPublicKey v_SIZE) Core.Array.t_TryFromSliceError) - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist14) - | Core.Ops.Control_flow.ControlFlow_Continue v_val -> - Core.Ops.Control_flow.ControlFlow_Continue v_val - in - 
Core.Ops.Control_flow.ControlFlow_Continue - (let hoist16:t_KyberPublicKey v_SIZE = { f_value = hoist15 } in - Core.Result.Result_Ok hoist16)) - } - -let impl_31 (#v_SIZE: usize) : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) usize = - { - f_impl_31__Output = u8; - f_impl_31__index - = - fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (index: usize) -> self.f_value.[ index ] - } - -let impl_32 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_Range usize) = - { - f_impl_32__Output = slice u8; - f_impl_32__index - = - fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_Range usize) -> - self.f_value.[ range ] - } - -let impl_33 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_RangeTo usize) = - { - f_impl_33__Output = slice u8; - f_impl_33__index - = - fun (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (range: Core.Ops.Range.t_RangeTo usize) -> - self.f_value.[ range ] - } - -let impl_34 (#v_SIZE: usize) - : Core.Ops.Index.t_Index (t_KyberPublicKey v_SIZE) (Core.Ops.Range.t_RangeFrom usize) = - { - f_impl_34__Output = slice u8; - f_impl_34__index - = - fun - (#v_SIZE: usize) - (self: t_KyberPublicKey v_SIZE) - (range: Core.Ops.Range.t_RangeFrom usize) - -> - self.f_value.[ range ] - } - -let impl_35__as_slice (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : array u8 v_SIZE = - self.f_value - -let impl_35__split_at (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) - : (slice u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: slice u8) mid - -let impl_35__len (#v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE - -type t_KyberKeyPair (#v_PRIVATE_KEY_SIZE: usize) (#v_PUBLIC_KEY_SIZE: usize) = { - f_sk:t_KyberPrivateKey v_PRIVATE_KEY_SIZE; - f_pk:t_KyberPublicKey v_PUBLIC_KEY_SIZE -} - -type t_BadRejectionSamplingRandomnessError = - | BadRejectionSamplingRandomnessError : 
t_BadRejectionSamplingRandomnessError +type t_Error = | Error_RejectionSampling : t_Error let v_KEY_GENERATION_SEED_SIZE: usize = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! 
@@ -402,42 +11,45 @@ let v_KEY_GENERATION_SEED_SIZE: usize = let generate_keypair (#v_K #v_CPA_PRIVATE_KEY_SIZE #v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE #v_BYTES_PER_RING_ELEMENT #v_ETA1 #v_ETA1_RANDOMNESS_SIZE: usize) - (randomness: array u8 (sz 64)) - : Core.Result.t_Result (t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - t_BadRejectionSamplingRandomnessError = - let ind_cpa_keypair_randomness:slice u8 = + (randomness: t_Array u8 (sz 64)) + : Core.Result.t_Result + (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) t_Error = + let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } ] in - let implicit_rejection_value:slice u8 = + let implicit_rejection_value:t_Slice u8 = randomness.[ { Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE } ] in - let (ind_cpa_private_key, public_key), sampling_a_error:((Libcrux.Kem.Kyber.Ind_cpa.t_PrivateKey + let (ind_cpa_private_key, public_key), sampling_a_error:((Libcrux.Kem.Kyber.Types.t_PrivateKey v_CPA_PRIVATE_KEY_SIZE & - t_KyberPublicKey v_PUBLIC_KEY_SIZE) & - Core.Option.t_Option t_BadRejectionSamplingRandomnessError) = + Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) & + Core.Option.t_Option t_Error) = Libcrux.Kem.Kyber.Ind_cpa.generate_keypair ind_cpa_keypair_randomness in - let secret_key_serialized:array u8 v_PRIVATE_KEY_SIZE = - Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key (Rust_primitives.unsize (Libcrux.Kem.Kyber.Ind_cpa.impl_8__as_slice + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = + Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_45__as_slice ind_cpa_private_key <: - array u8 v_CPA_PRIVATE_KEY_SIZE) + t_Array u8 v_CPA_PRIVATE_KEY_SIZE) <: - slice u8) - (Rust_primitives.unsize (impl_35__as_slice public_key <: array u8 v_PUBLIC_KEY_SIZE) + t_Slice 
u8) + (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_36__as_slice public_key + <: + t_Array u8 v_PUBLIC_KEY_SIZE) <: - slice u8) + t_Slice u8) implicit_rejection_value in match sampling_a_error with | Core.Option.Option_Some error -> Core.Result.Result_Err error | _ -> - let (private_key: t_KyberPrivateKey v_PRIVATE_KEY_SIZE):t_KyberPrivateKey v_PRIVATE_KEY_SIZE = + let (private_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_PRIVATE_KEY_SIZE):Libcrux.Kem.Kyber.Types.t_KyberPrivateKey + v_PRIVATE_KEY_SIZE = Core.Convert.f_from secret_key_serialized in Core.Result.Result_Ok (Libcrux.Kem.Kyber.Types.impl__from private_key public_key) 
@@ -445,82 +57,83 @@ let generate_keypair let encapsulate (#v_K #v_SHARED_SECRET_SIZE #v_CIPHERTEXT_SIZE #v_PUBLIC_KEY_SIZE #v_T_AS_NTT_ENCODED_SIZE #v_C1_SIZE #v_C2_SIZE #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR #v_VECTOR_U_BLOCK_LEN #v_ETA1 #v_ETA1_RANDOMNESS_SIZE #v_ETA2 #v_ETA2_RANDOMNESS_SIZE: usize) - (public_key: t_KyberPublicKey v_PUBLIC_KEY_SIZE) - (randomness: array u8 v_SHARED_SECRET_SIZE) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 v_SHARED_SECRET_SIZE) : Core.Result.t_Result - (t_KyberCiphertext v_CIPHERTEXT_SIZE & t_KyberSharedSecret v_SHARED_SECRET_SIZE) - t_BadRejectionSamplingRandomnessError = - let randomness_hashed:array u8 (sz 32) = - Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize randomness <: slice u8) + (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret v_SHARED_SECRET_SIZE) t_Error = + let randomness_hashed:t_Array u8 (sz 32) = + Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize randomness <: t_Slice u8) in - let (to_hash: array u8 (sz 64)):array u8 (sz 64) = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize randomness_hashed <: - slice u8) + t_Slice u8) in - let to_hash:array u8 (sz 64) = + let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) <: - slice u8) - (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize (impl_35__as_slice + t_Slice u8) + (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_36__as_slice public_key <: - array u8 v_PUBLIC_KEY_SIZE) + t_Array u8 
v_PUBLIC_KEY_SIZE) <: - slice u8) + t_Slice u8) <: - array u8 (sz 32)) + t_Array u8 (sz 32)) <: - slice u8) + t_Slice u8) <: - slice u8) + t_Slice u8) in - let hashed:array u8 (sz 64) = - Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: slice u8) + let hashed:t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) in - let k_not, pseudorandomness:(slice u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: slice u8) (sz 32) + let k_not, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in - let ciphertext, sampling_a_error:(t_KyberCiphertext v_CIPHERTEXT_SIZE & - Core.Option.t_Option t_BadRejectionSamplingRandomnessError) = - Libcrux.Kem.Kyber.Ind_cpa.encrypt (Rust_primitives.unsize (impl_35__as_slice public_key + let ciphertext, sampling_a_error:(Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & + Core.Option.t_Option t_Error) = + Libcrux.Kem.Kyber.Ind_cpa.encrypt (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_36__as_slice + public_key <: - array u8 v_PUBLIC_KEY_SIZE) + t_Array u8 v_PUBLIC_KEY_SIZE) <: - slice u8) + t_Slice u8) randomness_hashed pseudorandomness in - let (to_hash: array u8 (sz 64)):array u8 (sz 64) = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Conversions.into_padded_array k_not in - let to_hash:array u8 (sz 64) = + let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE }) <: - slice u8) + t_Slice u8) (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Core.Convert.f_as_ref ciphertext <: - slice u8) + t_Slice u8) <: - array u8 (sz 32)) + t_Array u8 (sz 32)) <: - slice u8) + 
t_Slice u8) <: - slice u8) + t_Slice u8) in - let shared_secret:t_KyberSharedSecret v_SHARED_SECRET_SIZE = + let shared_secret:Libcrux.Kem.Kyber.Types.t_KyberSharedSecret v_SHARED_SECRET_SIZE = Core.Convert.f_into (Libcrux.Kem.Kyber.Hash_functions.v_KDF (Rust_primitives.unsize to_hash <: - slice u8) + t_Slice u8) <: - array u8 v_SHARED_SECRET_SIZE) + t_Array u8 v_SHARED_SECRET_SIZE) in if Core.Option.impl__is_some sampling_a_error then Core.Result.Result_Err (Core.Option.impl__unwrap sampling_a_error) 
@@ -529,76 +142,76 @@ let encapsulate let decapsulate (#v_K #v_SECRET_KEY_SIZE #v_CPA_SECRET_KEY_SIZE #v_PUBLIC_KEY_SIZE #v_CIPHERTEXT_SIZE #v_T_AS_NTT_ENCODED_SIZE #v_C1_SIZE #v_C2_SIZE #v_VECTOR_U_COMPRESSION_FACTOR #v_VECTOR_V_COMPRESSION_FACTOR #v_C1_BLOCK_SIZE #v_ETA1 #v_ETA1_RANDOMNESS_SIZE #v_ETA2 #v_ETA2_RANDOMNESS_SIZE: usize) - (secret_key: t_KyberPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: t_KyberCiphertext v_CIPHERTEXT_SIZE) - : array u8 (sz 32) = - let ind_cpa_secret_key, secret_key:(slice u8 & slice u8) = - impl_26__split_at secret_key v_CPA_SECRET_KEY_SIZE + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) + : t_Array u8 (sz 32) = + let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = + Libcrux.Kem.Kyber.Types.impl_27__split_at secret_key v_CPA_SECRET_KEY_SIZE in - let ind_cpa_public_key, secret_key:(slice u8 & slice u8) = + let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at secret_key v_PUBLIC_KEY_SIZE in - let ind_cpa_public_key_hash, implicit_rejection_value:(slice u8 & slice u8) = + let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at secret_key Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE in - let decrypted:array u8 (sz 32) = + let decrypted:t_Array u8 (sz 32) = Libcrux.Kem.Kyber.Ind_cpa.decrypt ind_cpa_secret_key ciphertext in - let (to_hash: array u8 (sz 64)):array u8 (sz 64) = - Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize decrypted <: slice u8) + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize decrypted <: t_Slice u8) in - let to_hash:array u8 (sz 64) = + let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) 
(Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) <: - slice u8) + t_Slice u8) ind_cpa_public_key_hash <: - slice u8) + t_Slice u8) in - let hashed:array u8 (sz 64) = - Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: slice u8) + let hashed:t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) in - let k_not, pseudorandomness:(slice u8 & slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: slice u8) (sz 32) + let k_not, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in - let expected_ciphertext, _:(t_KyberCiphertext v_CIPHERTEXT_SIZE & - Core.Option.t_Option t_BadRejectionSamplingRandomnessError) = + let expected_ciphertext, _:(Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & + Core.Option.t_Option t_Error) = Libcrux.Kem.Kyber.Ind_cpa.encrypt ind_cpa_public_key decrypted pseudorandomness in let selector:u8 = Libcrux.Kem.Kyber.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref ciphertext <: - slice u8) - (Core.Convert.f_as_ref expected_ciphertext <: slice u8) + t_Slice u8) + (Core.Convert.f_as_ref expected_ciphertext <: t_Slice u8) in - let to_hash:array u8 (sz 32) = + let to_hash:t_Array u8 (sz 32) = Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time k_not implicit_rejection_value selector in - let (to_hash: array u8 (sz 64)):array u8 (sz 64) = - Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize to_hash <: slice u8) + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Conversions.into_padded_array (Rust_primitives.unsize to_hash <: t_Slice u8) in - let to_hash:array u8 (sz 64) = + let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.update_at to_hash ({ Core.Ops.Range.f_start = 
Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut to_hash ({ Core.Ops.Range.f_start = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE }) <: - slice u8) + t_Slice u8) (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H (Core.Convert.f_as_ref ciphertext <: - slice u8) + t_Slice u8) <: - array u8 (sz 32)) + t_Array u8 (sz 32)) <: - slice u8) + t_Slice u8) <: - slice u8) + t_Slice u8) in - Libcrux.Kem.Kyber.Hash_functions.v_KDF (Rust_primitives.unsize to_hash <: slice u8) \ No newline at end of file + Libcrux.Kem.Kyber.Hash_functions.v_KDF (Rust_primitives.unsize to_hash <: t_Slice u8) \ No newline at end of file diff --git a/src/kem/kyber.rs b/src/kem/kyber.rs index 67701de1f..7cc58e18c 100644 --- a/src/kem/kyber.rs +++ b/src/kem/kyber.rs @@ -7,8 +7,6 @@ // This is being tracked in https://github.com/hacspec/hacspec-v2/issues/27 pub(crate) mod constants; -#[macro_use] -mod types; mod arithmetic; mod compress; mod constant_time_ops; @@ -18,26 +16,22 @@ mod ind_cpa; mod ntt; mod sampling; mod serialize; +mod types; // Variants pub mod kyber1024; pub mod kyber512; pub mod kyber768; -impl_generic_struct!(KyberCiphertext); -impl_generic_struct!(KyberSharedSecret); -impl_generic_struct!(KyberPrivateKey); -impl_generic_struct!(KyberPublicKey); +pub use types::{ + KyberCiphertext, KyberKeyPair, KyberPrivateKey, KyberPublicKey, KyberSharedSecret, +}; -/// A Kyber key pair -pub struct KyberKeyPair { - pub(crate) sk: KyberPrivateKey, - pub(crate) pk: KyberPublicKey, +#[derive(Debug, Clone, Copy)] +pub enum Error { + RejectionSampling, } -#[derive(Debug)] -pub struct BadRejectionSamplingRandomnessError; - use self::{ constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, 
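Review bot: The new public `Error` enum and its `RejectionSampling` variant carry no doc comments, even though the removed `KyberKeyPair` in the same hunk had `/// A Kyber key pair`, and `Error` is now the type every `Result` in kyber512/768/1024 names, so callers will look here first. Suggest `/// Errors returned by the Kyber KEM operations.` on the enum and `/// Rejection sampling did not complete with the supplied randomness.` on the variant; the variant is produced in the sampling.rs hunk (`(out, Some(Error::RejectionSampling))`), and the wording should be checked against that function, whose body is mostly outside the hunk. Replacing `pub struct BadRejectionSamplingRandomnessError` with a differently named enum is a public API change if the old type was reachable from outside the crate, which the hunk does not show; a deprecated alias or a changelog line would cover downstream users.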
@@ -62,7 +56,7 @@ pub(super) fn generate_keypair< const ETA1_RANDOMNESS_SIZE: usize, >( randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> Result, BadRejectionSamplingRandomnessError> { +) -> Result, Error> { let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; @@ -113,7 +107,7 @@ pub(super) fn encapsulate< KyberCiphertext, KyberSharedSecret, ), - BadRejectionSamplingRandomnessError, + Error, > { let randomness_hashed = H(&randomness); diff --git a/src/kem/kyber/ind_cpa.rs b/src/kem/kyber/ind_cpa.rs index 5da4f9fa3..b0a310720 100644 --- a/src/kem/kyber/ind_cpa.rs +++ b/src/kem/kyber/ind_cpa.rs @@ -15,11 +15,10 @@ use super::{ deserialize_then_decompress_message, deserialize_to_uncompressed_ring_element, serialize_little_endian, serialize_uncompressed_ring_element, }, - BadRejectionSamplingRandomnessError, KyberPublicKey, + types::PrivateKey, + Error, KyberPublicKey, }; -// The PKE Private Key -impl_generic_struct!(PrivateKey); pub fn serialize_secret_key( private_key: &[u8], public_key: &[u8], @@ -38,10 +37,7 @@ pub fn serialize_secret_key( fn sample_matrix_A( seed: [u8; 34], transpose: bool, -) -> ( - [[KyberPolynomialRingElement; K]; K], - Option, -) { +) -> ([[KyberPolynomialRingElement; K]; K], Option) { let mut A_transpose = [[KyberPolynomialRingElement::ZERO; K]; K]; let mut sampling_A_error = None; @@ -117,7 +113,7 @@ pub(crate) fn generate_keypair< PrivateKey, KyberPublicKey, ), - Option, + Option, ) { let mut prf_input: [u8; 33] = [0; 33]; @@ -222,10 +218,7 @@ pub(crate) fn encrypt< public_key: &[u8], message: [u8; SHARED_SECRET_SIZE], randomness: &[u8], -) -> ( - super::KyberCiphertext, - Option, -) { +) -> (super::KyberCiphertext, Option) { // tˆ := Decode_12(pk) let mut t_as_ntt = [KyberPolynomialRingElement::ZERO; K]; for (i, t_as_ntt_bytes) in public_key[..T_AS_NTT_ENCODED_SIZE] 
diff --git a/src/kem/kyber/kyber1024.rs b/src/kem/kyber/kyber1024.rs index e22d4d193..51e450478 100644 --- a/src/kem/kyber/kyber1024.rs +++ b/src/kem/kyber/kyber1024.rs @@ -40,10 +40,7 @@ pub type Kyber1024SharedSecret = KyberSharedSecret; /// Generate Kyber 1024 Key Pair pub fn generate_key_pair_1024( randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> Result< - KyberKeyPair, - BadRejectionSamplingRandomnessError, -> { +) -> Result, Error> { generate_keypair::< RANK_1024, CPA_PKE_SECRET_KEY_SIZE_1024, @@ -64,7 +61,7 @@ pub fn encapsulate_1024( KyberCiphertext, KyberSharedSecret, ), - BadRejectionSamplingRandomnessError, + Error, > { encapsulate::< RANK_1024, diff --git a/src/kem/kyber/kyber512.rs b/src/kem/kyber/kyber512.rs index bb414f36f..e14dbe57c 100644 --- a/src/kem/kyber/kyber512.rs +++ b/src/kem/kyber/kyber512.rs @@ -38,10 +38,7 @@ pub type Kyber512SharedSecret = KyberSharedSecret; /// Generate Kyber 512 Key Pair pub fn generate_key_pair_512( randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> Result< - KyberKeyPair, - BadRejectionSamplingRandomnessError, -> { +) -> Result, Error> { generate_keypair::< RANK_512, CPA_PKE_SECRET_KEY_SIZE_512, @@ -62,7 +59,7 @@ pub fn encapsulate_512( KyberCiphertext, KyberSharedSecret, ), - BadRejectionSamplingRandomnessError, + Error, > { encapsulate::< RANK_512, diff --git a/src/kem/kyber/kyber768.rs b/src/kem/kyber/kyber768.rs index 5a91a2aaf..3e41813e5 100644 --- a/src/kem/kyber/kyber768.rs +++ b/src/kem/kyber/kyber768.rs @@ -39,10 +39,7 @@ pub type Kyber768SharedSecret = KyberSharedSecret; /// Generate Kyber 768 Key Pair pub fn generate_key_pair_768( randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> Result< - KyberKeyPair, - BadRejectionSamplingRandomnessError, -> { +) -> Result, Error> { generate_keypair::< RANK_768, CPA_PKE_SECRET_KEY_SIZE_768, @@ -63,7 +60,7 @@ pub fn encapsulate_768( KyberCiphertext, KyberSharedSecret, ), - BadRejectionSamplingRandomnessError, + Error, > { encapsulate::< RANK_768, 
diff --git a/src/kem/kyber/sampling.rs b/src/kem/kyber/sampling.rs index 9a64a39b6..23b0282f6 100644 --- a/src/kem/kyber/sampling.rs +++ b/src/kem/kyber/sampling.rs @@ -1,15 +1,12 @@ use super::{ arithmetic::{KyberFieldElement, KyberPolynomialRingElement}, constants::{COEFFICIENTS_IN_RING_ELEMENT, FIELD_MODULUS}, - BadRejectionSamplingRandomnessError, + Error, }; pub fn sample_from_uniform_distribution( randomness: [u8; SEED_SIZE], -) -> ( - KyberPolynomialRingElement, - Option, -) { +) -> (KyberPolynomialRingElement, Option) { let mut sampled_coefficients: usize = 0; let mut out: KyberPolynomialRingElement = KyberPolynomialRingElement::ZERO; @@ -39,7 +36,7 @@ pub fn sample_from_uniform_distribution( .into_iter() .all(|coefficient| coefficient >= 0 && coefficient < FIELD_MODULUS)); - (out, Some(BadRejectionSamplingRandomnessError)) + (out, Some(Error::RejectionSampling)) } /// Given a series of uniformly random bytes in `|randomness|`, sample diff --git a/src/kem/kyber/types.rs b/src/kem/kyber/types.rs index c1c77fb6e..c7ff702ad 100644 --- a/src/kem/kyber/types.rs +++ b/src/kem/kyber/types.rs @@ -1,5 +1,3 @@ -use super::{KyberKeyPair, KyberPrivateKey, KyberPublicKey}; - macro_rules! impl_generic_struct { ($name:ident) => { pub struct $name { @@ -82,6 +80,20 @@ macro_rules! impl_generic_struct { }; } +impl_generic_struct!(KyberCiphertext); +impl_generic_struct!(KyberSharedSecret); +impl_generic_struct!(KyberPrivateKey); +impl_generic_struct!(KyberPublicKey); + +// The PKE Private Key +impl_generic_struct!(PrivateKey); + +/// A Kyber key pair +pub struct KyberKeyPair { + pub(crate) sk: KyberPrivateKey, + pub(crate) pk: KyberPublicKey, +} + impl KyberKeyPair { From c08fae6e9df4fdbd8e0c853b8ff13c009ecd54cc Mon Sep 17 00:00:00 2001 
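Review bot: `// The PKE Private Key` above `impl_generic_struct!(PrivateKey)` is a plain comment, and this is the one wrapper in types.rs that the `pub use types::{...}` in kyber.rs does not re-export, so a doc comment recording that would help: `/// The IND-CPA PKE private key; crate-internal, wrapped by `KyberPrivateKey` for the KEM API.` — the second half is my reading of the re-export list and should be confirmed. The `impl_generic_struct!` body that now generates `PrivateKey` and `KyberPrivateKey` is outside the hunk, so it is not visible whether the generated type gets a `Debug` impl that prints key bytes or clears them on drop; a one-line comment at the macro stating the intended handling of secret material either way would help reviewers of these key types.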
From: Franziskus Kiefer Date: Thu, 26 Oct 2023 13:53:02 +0200 Subject: [PATCH 02/11] wip --- libcrux.fst.config.json | 19 +++++++++ proofs/fstar/extraction/Libcrux.Digest.fst | 38 ------------------ proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst | 39 ------------------- proofs/fstar/extraction/Libcrux.Kem.fst | 4 -- src/signature.rs | 7 ++++ 5 files changed, 26 insertions(+), 81 deletions(-) create mode 100644 libcrux.fst.config.json delete mode 100644 proofs/fstar/extraction/Libcrux.Digest.fst delete mode 100644 proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst delete mode 100644 proofs/fstar/extraction/Libcrux.Kem.fst diff --git a/libcrux.fst.config.json b/libcrux.fst.config.json new file mode 100644 index 000000000..e9354b92b --- /dev/null +++ b/libcrux.fst.config.json @@ -0,0 +1,19 @@ +{ + "fstar_exe": "fstar.exe", + "options": [ + "--cmi", + "--warn_error", + "-331", + "--cache_checked_modules", + "--cache_dir", + "/Users/franziskus/repos/hax/proof-libs/fstar/.cache", + "--already_cached", + "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" + ], + "include_dirs": [ + "/Users/franziskus/repos/hacl-star/lib", + "/Users/franziskus/repos/hax/proof-libs/fstar/rust_primitives", + "/Users/franziskus/repos/hax/proof-libs/fstar/core", + "/Users/franziskus/repos/hax/proof-libs/fstar/hax_lib" + ] +} \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Digest.fst b/proofs/fstar/extraction/Libcrux.Digest.fst deleted file mode 100644 index 1e91c2b63..000000000 --- a/proofs/fstar/extraction/Libcrux.Digest.fst +++ /dev/null 
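Review bot: The committed `libcrux.fst.config.json` hard-codes absolute paths under `/Users/franziskus/repos/...` for `--cache_dir` and all four `include_dirs`, so the file works on exactly one machine and will silently point other contributors at non-existent directories. If the file is meant to be shared, express the hax and hacl-star locations relative to the repository or through a documented variable, e.g. `"<HAX_PROOF_LIBS>/fstar/core"` with the placeholder resolved by the tooling; if it is developer-local, it belongs in `.gitignore` with a checked-in `.example` template instead. The `"--warn_error", "-331"` option also deserves a note in the commit message or a neighbouring README saying which warning is being disabled and why.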
@@ -1,38 +0,0 @@ -module Libcrux.Digest -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core - -type t_Algorithm = - | Algorithm_Sha1 : t_Algorithm - | Algorithm_Sha224 : t_Algorithm - | Algorithm_Sha256 : t_Algorithm - | Algorithm_Sha384 : t_Algorithm - | Algorithm_Sha512 : t_Algorithm - | Algorithm_Blake2s : t_Algorithm - | Algorithm_Blake2b : t_Algorithm - | Algorithm_Sha3_224_ : t_Algorithm - | Algorithm_Sha3_256_ : t_Algorithm - | Algorithm_Sha3_384_ : t_Algorithm - | Algorithm_Sha3_512_ : t_Algorithm - -let digest_size (mode: t_Algorithm) : usize = - match mode with - | Algorithm_Sha1 -> sz 20 - | Algorithm_Sha224 -> sz 28 - | Algorithm_Sha256 -> sz 32 - | Algorithm_Sha384 -> sz 48 - | Algorithm_Sha512 -> sz 64 - | Algorithm_Blake2s -> sz 32 - | Algorithm_Blake2b -> sz 64 - | Algorithm_Sha3_224_ -> sz 28 - | Algorithm_Sha3_256_ -> sz 32 - | Algorithm_Sha3_384_ -> sz 48 - | Algorithm_Sha3_512_ -> sz 64 - -let sha3_256_ (payload: slice u8) : array u8 (sz 32) = Libcrux.Hacl.Sha3.sha256 payload - -let sha3_512_ (payload: slice u8) : array u8 (sz 64) = Libcrux.Hacl.Sha3.sha512 payload - -let shake128 (#v_LEN: usize) (data: slice u8) : array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 data - -let shake256 (#v_LEN: usize) (data: slice u8) : array u8 v_LEN = Libcrux.Hacl.Sha3.shake256 data \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst b/proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst deleted file mode 100644 index 774cdd2e6..000000000 --- a/proofs/fstar/extraction/Libcrux.Hacl.Sha3.fst +++ /dev/null 
@@ -1,39 +0,0 @@ -module Libcrux.Hacl.Sha3 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core - -let sha256 (payload: slice u8) : array u8 (sz 32) = - let digest:array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let _:Prims.unit = - Rust_primitives.Hax.failure "" - "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"33\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"30\" };\n lo = { Types.col = \"4\"; line = \"24\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 200);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"26\" };\n lo =\n { Types.col = \"12\"; line = \"26\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { 
Types.col = \"12\"; line = \"26\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"200\", \"20\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { Types.col = \"20\"; line = \"26\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"26\" };\n lo = { Types.col = \"20\"; line = \"26\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n 
(Types.ValueNs\n \"len\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty = (Types.Uint Types.Usize) }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"26\" };\n lo = { Types.col = \"26\"; line = \"26\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 2519); krate = 
\"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"try_into\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"34\"; line = \"26\" };\n lo = { Types.col = \"26\"; line = \"26\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin 
{\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate =\n \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (\n Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 6 }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })\n };\n impl =\n (Some { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.Usize))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {generics = [];\n id =\n { Types.index = (2, 25071);\n krate = 
\"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"ptr_try_from_impls\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type (Types.Uint Types.Usize));\n (Types.Type (Types.Uint Types.U32))];\n id =\n { Types.index = (2, 2546); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 6 }\n ]\n }}\n });\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { 
Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 6\n }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n 
disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"26\" };\n lo = { Types.col = \"37\"; line = \"26\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 8523); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"unwrap\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"43\"; line = \"26\" };\n lo = { Types.col = \"37\"; line = \"26\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = 
\"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"14\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"26\" };\n lo = { Types.col = \"12\"; line = \"26\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 200);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"27\" };\n lo =\n { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { 
Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"200\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"20\"; line = \"27\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"27\" };\n lo = { Types.col = \"20\"; line = \"27\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n 
(Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n }};\n hir_id = None;\n span =\n { Types.filename =\n 
(Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty (Types.General \"0\"))] })};\n hir_id = (Some (\"200\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"27\" };\n lo = { Types.col = \"12\"; line = \"27\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"9\";\n owner =\n { Types.index = (0, 200);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"digest\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"18\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"32\", Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n 
(Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"32\", Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"200\", \"30\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"19\"; line = \"28\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"28\" };\n lo = { Types.col = \"19\"; line = \"28\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data 
= (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"200\", 
\"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"28\" };\n lo = { Types.col = \"12\"; line = \"28\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"29\" };\n lo = { Types.col = \"8\"; line = \"25\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 143); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 48 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_sha3_256\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"25\" };\n lo = { Types.col = \"8\"; line = \"25\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"200\", \"11\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"29\" };\n lo = { 
Types.col = \"8\"; line = \"25\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"32\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"32\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"200\", \"10\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"30\" };\n lo = { Types.col = \"4\"; line = \"24\" } };\n ty = (Types.Tuple []) }" - - in - digest - -let sha512 (payload: slice u8) : array u8 (sz 64) = - let digest:array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let _:Prims.unit = - Rust_primitives.Hax.failure "" - "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"33\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"56\" };\n lo = { Types.col = \"4\"; line = \"50\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 206);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha512\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n 
\"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"52\" };\n lo =\n { Types.col = \"12\"; line = \"52\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"206\", \"20\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"20\"; line = \"52\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"52\" };\n lo = { Types.col = \"20\"; line = \"52\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value 
=\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"len\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"52\" };\n lo = { Types.col = \"12\"; 
line = \"52\" } };\n ty = (Types.Uint Types.Usize) }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"52\" };\n lo = { Types.col = \"26\"; line = \"52\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 2519); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"try_into\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"34\"; line = \"52\" };\n lo = { Types.col = \"26\"; line = \"52\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n 
Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate =\n \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (\n Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 6 }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })\n };\n impl =\n (Some { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.Usize))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id 
=\n { Types.index = (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"marker\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Sized\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32))]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {generics = [];\n id =\n { Types.index = (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"ptr_try_from_impls\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type (Types.Uint Types.Usize));\n (Types.Type (Types.Uint Types.U32))];\n id =\n { Types.index = (2, 2546); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 6 }\n ]\n }}\n });\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs = [(Types.Uint Types.Usize)];\n output =\n Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n (Types.Alias\n (Types.Projection,\n { Types.def_id =\n { Types.index = (2, 2518);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryInto\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"Error\");\n disambiguator = 0 }\n ]\n };\n substs =\n [(Types.Type\n (Types.Uint Types.Usize));\n (Types.Type\n (Types.Uint Types.U32))\n ];\n trait_def_id =\n (Some ({ Types.index = (2, 2516);\n krate = \"core\";\n path =\n [{ 
Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs\n \"TryInto\");\n disambiguator = 0 }\n ]\n },\n { Types.args =\n [{ Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.Usize))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Builtin {\n trait =\n { Types.def_id =\n { Types.index =\n (2, 2689);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"marker\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"Sized\");\n disambiguator =\n 0 }\n ]\n };\n generic_args =\n [(Types.Type\n (Types.Uint\n Types.U32))\n ]\n }}\n };\n { Types.args = [];\n impl =\n Types.Concrete {\n generics = [];\n id =\n { Types.index =\n (2, 25071);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"num\");\n disambiguator =\n 0 };\n { Types.data =\n (Types.TypeNs\n \"ptr_try_from_impls\");\n disambiguator =\n 0 };\n { Types.data =\n Types.Impl;\n disambiguator =\n 2 }\n ]\n }}\n }\n ];\n impl =\n Types.Concrete {\n generics =\n [(Types.Type\n (Types.Uint\n Types.Usize));\n (Types.Type\n (Types.Uint\n Types.U32))\n ];\n id =\n { Types.index =\n (2, 2546);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"convert\");\n disambiguator = 0\n };\n { Types.data =\n Types.Impl;\n disambiguator = 6\n }\n ]\n }}\n }))\n })))\n ]};\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"36\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty =\n Types.Adt {\n def_id =\n { Types.index = (2, 
35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"52\" };\n lo = { Types.col = \"37\"; line = \"52\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 8523); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"unwrap\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"43\"; line = \"52\" };\n lo = { Types.col = \"37\"; line = \"52\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs 
\"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [Types.Adt {\n def_id =\n { Types.index = (2, 35147); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"result\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"Result\");\n disambiguator = 0 }\n ]\n };\n generic_args =\n [(Types.Type (Types.Uint Types.U32));\n (Types.Type\n Types.Adt {\n def_id =\n { Types.index = (2, 15596);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"num\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"error\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"TryFromIntError\");\n disambiguator = 0 }\n ]\n };\n generic_args = []})\n ]}\n ];\n output = (Types.Uint Types.U32);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"14\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"45\"; line = \"52\" };\n lo = { Types.col = \"12\"; line = \"52\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 206);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha512\");\n disambiguator = 0 }\n ]\n }\n };\n 
name = \"payload\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"19\"; line = \"53\" };\n lo =\n { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"206\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"20\"; line = \"53\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"53\" };\n lo = { Types.col = \"20\"; line = \"53\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator 
= 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal 
}\n })};\n hir_id = (Some (\"206\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty (Types.General \"0\"))] })};\n hir_id = (Some (\"206\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"33\"; line = \"53\" };\n lo = { Types.col = \"12\"; line = \"53\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"9\";\n owner =\n { Types.index = (0, 206);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"sha512\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"digest\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"18\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"64\", 
Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n (Types.Literal\n (Types.Int\n (Types.Uint (\"64\", Types.Usize))));\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"206\", \"30\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"19\"; line = \"54\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"54\" };\n lo = { Types.col = \"19\"; line = 
\"54\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs 
\"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"206\", \"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"54\" };\n lo = { Types.col = \"12\"; line = \"54\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"55\" };\n lo = { Types.col = \"8\"; line = \"51\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 147); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 50 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_sha3_512\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"51\" };\n lo = { Types.col = \"8\"; line = \"51\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = 
true; ty = (Types.Uint Types.U8) });\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"206\", \"11\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"55\" };\n lo = { Types.col = \"8\"; line = \"51\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"32\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"32\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"206\", \"10\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"56\" };\n lo = { Types.col = \"4\"; line = \"50\" } };\n ty = (Types.Tuple []) }" - - in - digest - -let shake128 (#v_BYTES: usize) (data: slice u8) : array u8 v_BYTES = - let out:array u8 v_BYTES = Rust_primitives.Hax.repeat 0uy v_BYTES in - let _:Prims.unit = - Rust_primitives.Hax.failure "" - "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"38\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"70\" };\n lo = { Types.col = \"4\"; line = \"63\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 209);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs 
\"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake128\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"16\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"209\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"17\"; line = \"65\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"20\"; line = \"65\" };\n lo = { Types.col = \"17\"; line = \"65\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ 
Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), false))\n ];\n output = (Types.Uint 
Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"209\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"209\", \"15\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"65\" };\n lo = { Types.col = \"12\"; line = \"65\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 209);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake128\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"16\"; line = \"66\" };\n lo =\n { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"209\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath 
\"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"17\"; line = \"66\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"66\" };\n lo = { Types.col = \"17\"; line = \"66\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n 
false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"209\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty 
(Types.General \"0\"))] })};\n hir_id = (Some (\"209\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"66\" };\n lo = { Types.col = \"12\"; line = \"66\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.ConstParam {\n def_id =\n { Types.index = (0, 210); krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"shake128\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"BYTES\");\n disambiguator = 0 }\n ]\n };\n param = { Types.index = 0; name = \"BYTES\" }};\n hir_id = (Some (\"209\", \"29\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"17\"; line = \"67\" };\n lo = { Types.col = \"12\"; line = \"67\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"209\", \"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"24\"; line = \"67\" };\n lo = { Types.col = \"12\"; line = \"67\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"10\";\n owner =\n { Types.index = (0, 209);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake128\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"out\" }};\n hir_id = 
None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"15\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"209\", \"35\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"16\"; line = \"68\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n 
disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"68\" };\n lo = { Types.col = \"16\"; line = \"68\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n 
c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"209\", \"33\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"68\" };\n lo = { Types.col = \"12\"; line = \"68\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"69\" };\n lo = { Types.col = \"8\"; line = \"64\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 137); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 45 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_shake128_hacl\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"64\" };\n lo = { Types.col = \"8\"; line = \"64\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint 
Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"209\", \"12\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"69\" };\n lo = { Types.col = \"8\"; line = \"64\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"37\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"37\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"209\", \"11\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"70\" };\n lo = { Types.col = \"4\"; line = \"63\" } };\n ty = (Types.Tuple []) }" - - in - out - -let shake256 (#v_BYTES: usize) (data: slice u8) : array u8 v_BYTES = - let out:array u8 v_BYTES = Rust_primitives.Hax.repeat 0uy v_BYTES in - let _:Prims.unit = - Rust_primitives.Hax.failure "" - "{ Types.attributes = [];\n contents =\n Types.Block {expr = None; opt_destruction_scope = None;\n region_scope = { Types.data = Types.Node; id = \"38\" };\n safety_mode = Types.ExplicitUnsafe;\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"87\" };\n lo = { Types.col = \"4\"; line = \"80\" } };\n stmts =\n [{ Types.kind =\n Types.Expr {\n expr =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Cast {\n source =\n 
{ Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 213);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"16\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"213\", \"18\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"17\"; line = \"82\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 10989); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = 
(Types.ValueNs \"len\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"20\"; line = \"82\" };\n lo = { Types.col = \"17\"; line = \"82\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56447);\n krate = 
\"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"len\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), false))\n ];\n output = (Types.Uint Types.Usize);\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"213\", \"16\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"22\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"213\", \"15\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"29\"; line = \"82\" };\n lo = { Types.col = \"12\"; line = \"82\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.ValueTypeAscription {\n source =\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents =\n Types.Deref {\n arg =\n { Types.attributes = [];\n contents =\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"2\";\n owner =\n { Types.index = (0, 213);\n krate = \"libcrux\";\n path =\n [{ Types.data =\n (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data =\n (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"data\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath\n \"src/hacl/sha3.rs\"));\n hi =\n { Types.col = \"16\"; line = \"83\" };\n lo =\n { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint 
Types.U8)),\n false))\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty = (Types.Slice (Types.Uint Types.U8)) };\n borrow_kind = Types.Shared};\n hir_id = (Some (\"213\", \"25\"));\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), false))\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"17\"; line = \"83\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11039); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"23\"; line = \"83\" };\n lo = { Types.col = \"17\"; line = \"83\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index =\n 
(2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs\n \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0\n };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0\n };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0\n }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56469);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data =\n Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs\n \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)),\n false))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = false;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"213\", \"23\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"25\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = false; ty = (Types.Uint Types.U8)\n })\n 
}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n user_ty =\n (Some { Types.max_universe = \"0\";\n value = (Types.Todo \"Ty(^0)\");\n variables = [(Types.Ty (Types.General \"0\"))] })};\n hir_id = (Some (\"213\", \"22\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"30\"; line = \"83\" };\n lo = { Types.col = \"12\"; line = \"83\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n };\n { Types.attributes = [];\n contents =\n Types.Cast {\n source =\n { Types.attributes = [];\n contents =\n Types.ConstParam {\n def_id =\n { Types.index = (0, 214); krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"shake256\");\n disambiguator = 0 };\n { Types.data = (Types.ValueNs \"BYTES\");\n disambiguator = 0 }\n ]\n };\n param = { Types.index = 0; name = \"BYTES\" }};\n hir_id = (Some (\"213\", \"29\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"17\"; line = \"84\" };\n lo = { Types.col = \"12\"; line = \"84\" } };\n ty = (Types.Uint Types.Usize) }};\n hir_id = (Some (\"213\", \"28\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"24\"; line = \"84\" };\n lo = { Types.col = \"12\"; line = \"84\" } };\n ty = (Types.Uint Types.U32) };\n { Types.attributes = [];\n contents =\n Types.Call {\n args =\n [{ Types.attributes = [];\n contents =\n Types.Pointer {cast = Types.Unsize;\n source =\n { Types.attributes = [];\n contents =\n Types.Borrow {\n arg =\n { Types.attributes = [];\n contents 
=\n Types.VarRef {\n id =\n { Types.id =\n { Types.local_id = \"10\";\n owner =\n { Types.index = (0, 213);\n krate = \"libcrux\";\n path =\n [{ Types.data = (Types.TypeNs \"hacl\");\n disambiguator = 0 };\n { Types.data = (Types.TypeNs \"sha3\");\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"shake256\");\n disambiguator = 0 }\n ]\n }\n };\n name = \"out\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"15\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) }))\n };\n borrow_kind =\n Types.Mut {allow_two_phase_borrow = true}};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Array\n ((Types.Uint Types.U8),\n { Types.attributes = [];\n contents =\n Types.ConstRef {\n id =\n { Types.index = 0; name = \"BYTES\" }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real\n (Types.LocalPath \"src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } };\n ty = (Types.Uint Types.Usize) })),\n true))\n }};\n hir_id = (Some (\"213\", \"35\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.Ref\n ({ Types.kind = Types.ReErased },\n (Types.Slice (Types.Uint Types.U8)), true))\n }\n ];\n fn_span 
=\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"16\"; line = \"85\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (2, 11040); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl; disambiguator = 0 };\n { Types.data = (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"26\"; line = \"85\" };\n lo = { Types.col = \"16\"; line = \"85\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs\n \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true;\n ty = (Types.Uint Types.U8) });\n unsafety = Types.Normal }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars =\n [(Types.Region\n (Types.BrNamed\n ({ Types.index = (2, 56470); 
krate = \"core\";\n path =\n [{ Types.data = (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data = (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\")))\n ];\n value =\n { Types.abi = Types.Abi {todo = \"Rust\"};\n c_variadic = false;\n inputs =\n [(Types.Ref\n ({ Types.kind =\n (Types.ReLateBound\n (\"0\",\n { Types.kind =\n (Types.BrNamed\n ({ Types.index = (2, 56470);\n krate = \"core\";\n path =\n [{ Types.data =\n (Types.TypeNs \"slice\");\n disambiguator = 0 };\n { Types.data = Types.Impl;\n disambiguator = 0 };\n { Types.data =\n (Types.ValueNs \"as_mut_ptr\");\n disambiguator = 0 };\n { Types.data =\n (Types.LifetimeNs \"'_\");\n disambiguator = 0 }\n ]\n },\n \"'_\"));\n var = \"0\" }))\n },\n (Types.Slice (Types.Uint Types.U8)), true))\n ];\n output =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8)\n });\n unsafety = Types.Normal }\n })};\n hir_id = (Some (\"213\", \"33\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"28\"; line = \"85\" };\n lo = { Types.col = \"12\"; line = \"85\" } };\n ty =\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n }\n ];\n fn_span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"86\" };\n lo = { Types.col = \"8\"; line = \"81\" } };\n from_hir_call = true;\n fun' =\n { Types.attributes = [];\n contents =\n Types.GlobalName {\n id =\n { Types.index = (22, 139); krate = \"libcrux_hacl\";\n path =\n [{ Types.data = (Types.TypeNs \"bindings\");\n disambiguator = 0 };\n { Types.data = Types.ForeignMod; disambiguator = 46 };\n { Types.data = (Types.ValueNs \"Hacl_SHA3_shake256_hacl\");\n disambiguator = 0 }\n ]\n }};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath 
\"src/hacl/sha3.rs\"));\n hi = { Types.col = \"31\"; line = \"81\" };\n lo = { Types.col = \"8\"; line = \"81\" } };\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })\n };\n impl = None;\n ty =\n (Types.Arrow\n { Types.bound_vars = [];\n value =\n { Types.abi = Types.Abi {todo = \"C { unwind: false }\"};\n c_variadic = false;\n inputs =\n [(Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) });\n (Types.Uint Types.U32);\n (Types.RawPtr\n { Types.mutbl = true; ty = (Types.Uint Types.U8) })\n ];\n output = (Types.Tuple []); unsafety = Types.Unsafe }\n })};\n hir_id = (Some (\"213\", \"12\"));\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"9\"; line = \"86\" };\n lo = { Types.col = \"8\"; line = \"81\" } };\n ty = (Types.Tuple []) };\n scope = { Types.data = Types.Node; id = \"37\" }};\n opt_destruction_scope =\n (Some { Types.data = Types.Destruction; id = \"37\" }) }\n ];\n targeted_by_break = false};\n hir_id = (Some (\"213\", \"11\"));\n span =\n { Types.filename = (Types.Real (Types.LocalPath \"src/hacl/sha3.rs\"));\n hi = { Types.col = \"5\"; line = \"87\" };\n lo = { Types.col = \"4\"; line = \"80\" } };\n ty = (Types.Tuple []) }" - - in - out \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.fst b/proofs/fstar/extraction/Libcrux.Kem.fst deleted file mode 100644 index 0ba733304..000000000 --- a/proofs/fstar/extraction/Libcrux.Kem.fst +++ /dev/null @@ -1,4 +0,0 @@ -module Libcrux.Kem -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core - 
diff --git a/src/signature.rs b/src/signature.rs index 468c772a9..3a16134f1 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -95,6 +95,13 @@ pub mod rsa_pss { pub(super) value: Vec, } + impl RsaPssSignature { + /// Get the signature as the raw byte slice. + pub fn as_bytes(&self) -> &[u8] { + &self.value + } + } + impl From<&[u8]> for RsaPssSignature { fn from(value: &[u8]) -> Self { Self { From 372cd6994ad13ba0f712ffecbf62f59effe247af Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 26 Oct 2023 14:34:19 +0200 Subject: [PATCH 03/11] cycles gone --- .../extraction/Libcrux.Kem.Kyber.Ind_cpa.fst | 24 +++++++++++-------- .../Libcrux.Kem.Kyber.Kyber1024.fst | 4 ++-- .../extraction/Libcrux.Kem.Kyber.Kyber512.fst | 4 ++-- .../extraction/Libcrux.Kem.Kyber.Kyber768.fst | 4 ++-- .../extraction/Libcrux.Kem.Kyber.Sampling.fst | 4 ++-- .../extraction/Libcrux.Kem.Kyber.Types.fst | 4 +++- proofs/fstar/extraction/Libcrux.Kem.Kyber.fst | 14 +++++------ proofs/fstar/extraction/Makefile | 8 ++----- src/kem/kyber.rs | 7 +----- src/kem/kyber/types.rs | 6 +++++ 10 files changed, 41 insertions(+), 38 deletions(-) diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst index c467e6e8a..e978bba18 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Ind_cpa.fst @@ -32,7 +32,7 @@ let serialize_secret_key let sample_matrix_A (#v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) : (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO 
@@ -41,10 +41,12 @@ let sample_matrix_A (#v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K in - let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_Error = Core.Option.Option_None in + let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error = + Core.Option.Option_None + in let v_A_transpose, sampling_A_error:(t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K @@ -95,15 +97,17 @@ let sample_matrix_A (#v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) (v_A_transpose, sampling_A_error) (fun (v_A_transpose, sampling_A_error) j -> let sampled, error:(Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution (xof_bytes.[ j ] <: t_Array u8 (sz 840)) in - let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_Error = + let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error = if Core.Option.impl__is_some error then - let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.t_Error = error in + let sampling_A_error:Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error = + error + in sampling_A_error else sampling_A_error in 
@@ -243,7 +247,7 @@ let generate_keypair (key_generation_seed: t_Slice u8) : ((Libcrux.Kem.Kyber.Types.t_PrivateKey v_PRIVATE_KEY_SIZE & Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO @@ -260,7 +264,7 @@ let generate_keypair in let v_A_transpose, sampling_A_error:(t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed_for_A <: t_Array u8 (sz 34)) @@ -430,7 +434,7 @@ let encrypt (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) : (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K = Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__KyberPolynomialRingElement__ZERO v_K @@ -462,7 +466,7 @@ let encrypt let seed:t_Slice u8 = public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } ] in let v_A_transpose, sampling_A_error:(t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement v_K) v_K & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = sample_matrix_A (Libcrux.Kem.Kyber.Conversions.into_padded_array seed <: t_Array u8 (sz 34)) false in 
diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst index 4c7a8fe29..254a66cd0 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber1024.fst @@ -68,14 +68,14 @@ let t_Kyber1024SharedSecret = Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32 let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 3168) (sz 1568)) - Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness + Libcrux.Kem.Kyber.Types.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_1024_ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)) (randomness: t_Array u8 (sz 32)) : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568) & - Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.t_Error = + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.Types.t_Error = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_1024_ diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst index 63e8c60df..a6581d198 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber512.fst 
@@ -68,14 +68,14 @@ let t_Kyber512SharedSecret = Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32) let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 1632) (sz 800)) - Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness + Libcrux.Kem.Kyber.Types.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_512_ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)) (randomness: t_Array u8 (sz 32)) : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768) & - Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.t_Error = + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.Types.t_Error = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_512_ diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst index 85816015e..8cc5acd60 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Kyber768.fst @@ -68,14 +68,14 @@ let t_Kyber768SharedSecret = Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32) let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) - Libcrux.Kem.Kyber.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness + Libcrux.Kem.Kyber.Types.t_Error = Libcrux.Kem.Kyber.generate_keypair randomness let encapsulate_768_ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & - Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.t_Error = + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret (sz 32)) Libcrux.Kem.Kyber.Types.t_Error = Libcrux.Kem.Kyber.encapsulate public_key randomness let decapsulate_768_ 
diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst index 509ef2a01..b6957cdcd 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Sampling.fst @@ -4,7 +4,7 @@ open Core let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: t_Array u8 v_SEED_SIZE) : (Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement & - Core.Option.t_Option Libcrux.Kem.Kyber.t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = let (sampled_coefficients: usize):usize = sz 0 in let (out: Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = @@ -81,7 +81,7 @@ let sample_from_uniform_distribution (#v_SEED_SIZE: usize) (randomness: t_Array in () in - out, Core.Option.Option_Some Libcrux.Kem.Kyber.Error_RejectionSampling + out, Core.Option.Option_Some Libcrux.Kem.Kyber.Types.Error_RejectionSampling let sample_from_binomial_distribution_2_ (randomness: t_Slice u8) : Libcrux.Kem.Kyber.Arithmetic.t_KyberPolynomialRingElement = diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst index 93247aabe..8cc591428 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Types.fst @@ -509,4 +509,6 @@ let impl__pk let impl__sk (#v_PRIVATE_KEY_SIZE #v_PUBLIC_KEY_SIZE: usize) (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - : t_Array u8 v_PRIVATE_KEY_SIZE = impl_27__as_slice self.f_sk \ No newline at end of file + : t_Array u8 v_PRIVATE_KEY_SIZE = impl_27__as_slice self.f_sk + +type t_Error = | Error_RejectionSampling : t_Error \ No newline at end of file diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst index c948cf89f..6e8387e16 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst 
+++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.fst @@ -2,8 +2,6 @@ module Libcrux.Kem.Kyber #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core -type t_Error = | Error_RejectionSampling : t_Error - let v_KEY_GENERATION_SEED_SIZE: usize = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE @@ -13,7 +11,8 @@ let generate_keypair usize) (randomness: t_Array u8 (sz 64)) : Core.Result.t_Result - (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) t_Error = + (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Libcrux.Kem.Kyber.Types.t_Error = let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { Core.Ops.Range.f_start = sz 0; @@ -28,7 +27,7 @@ let generate_keypair let (ind_cpa_private_key, public_key), sampling_a_error:((Libcrux.Kem.Kyber.Types.t_PrivateKey v_CPA_PRIVATE_KEY_SIZE & Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) & - Core.Option.t_Option t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = Libcrux.Kem.Kyber.Ind_cpa.generate_keypair ind_cpa_keypair_randomness in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = @@ -61,7 +60,8 @@ let encapsulate (randomness: t_Array u8 v_SHARED_SECRET_SIZE) : Core.Result.t_Result (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & - Libcrux.Kem.Kyber.Types.t_KyberSharedSecret v_SHARED_SECRET_SIZE) t_Error = + Libcrux.Kem.Kyber.Types.t_KyberSharedSecret v_SHARED_SECRET_SIZE) + Libcrux.Kem.Kyber.Types.t_Error = let randomness_hashed:t_Array u8 (sz 32) = Libcrux.Kem.Kyber.Hash_functions.v_H (Rust_primitives.unsize randomness <: t_Slice u8) in 
@@ -97,7 +97,7 @@ let encapsulate Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in let ciphertext, sampling_a_error:(Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & - Core.Option.t_Option t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = Libcrux.Kem.Kyber.Ind_cpa.encrypt (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_36__as_slice public_key <: @@ -178,7 +178,7 @@ let decapsulate Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in let expected_ciphertext, _:(Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & - Core.Option.t_Option t_Error) = + Core.Option.t_Option Libcrux.Kem.Kyber.Types.t_Error) = Libcrux.Kem.Kyber.Ind_cpa.encrypt ind_cpa_public_key decrypted pseudorandomness in let selector:u8 = diff --git a/proofs/fstar/extraction/Makefile b/proofs/fstar/extraction/Makefile index 9ddec8fef..8137c8d2c 100644 --- a/proofs/fstar/extraction/Makefile +++ b/proofs/fstar/extraction/Makefile @@ -29,7 +29,7 @@ # (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) # -HAX_LIBS_HOME ?= $(shell git rev-parse --show-toplevel)/proof-libs/fstar +HAX_LIBS_HOME ?= $(shell git rev-parse --show-toplevel)/../hax/proof-libs/fstar FSTAR_HOME ?= $(HAX_LIBS_HOME)/../../../FStar HACL_HOME ?= $(HAX_LIBS_HOME)/../../../hacl-star FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") @@ -49,8 +49,7 @@ ROOTS = $(wildcard *.fst) FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_LIBS_HOME)/rust_primitives $(HAX_LIBS_HOME)/core $(HAX_LIBS_HOME)/hax_lib -FSTAR_FLAGS = --lax \ - --cmi \ +FSTAR_FLAGS = --cmi \ --warn_error -331 \ --cache_checked_modules --cache_dir $(CACHE_DIR) \ --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ 
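Review bot: The new `HAX_LIBS_HOME` default `$(shell git rev-parse --show-toplevel)/../hax/proof-libs/fstar` in the first Makefile hunk hard-codes a sibling-checkout layout that nothing in the file documents, and it names that location differently from the `libcrux.fst.config.json` hunks later in this series, which go through `${HAX_HOME}` and `${HACL_HOME}`; a one-line comment above the assignment would save the next person a failed build, e.g. `# Assumes hax is checked out next to this repository; override HAX_LIBS_HOME otherwise.` Dropping `--lax` from `FSTAR_FLAGS` in the second hunk also means a plain `make` now runs full verification, with `OTHERFLAGS` in the `%.checked` rule as the only way back to lax mode, which is worth stating next to the flags: `# Full verification by default; pass OTHERFLAGS=--lax for a typecheck-only run.`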
@@ -71,9 +70,6 @@ $(HINT_DIR): $(CACHE_DIR): mkdir -p $@ -$(CACHE_DIR)/Chacha20.Hacspec_helper.fst.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) --lax $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - $(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints diff --git a/src/kem/kyber.rs b/src/kem/kyber.rs index 7cc58e18c..04cb11c84 100644 --- a/src/kem/kyber.rs +++ b/src/kem/kyber.rs @@ -24,14 +24,9 @@ pub mod kyber512; pub mod kyber768; pub use types::{ - KyberCiphertext, KyberKeyPair, KyberPrivateKey, KyberPublicKey, KyberSharedSecret, + KyberCiphertext, KyberKeyPair, KyberPrivateKey, KyberPublicKey, KyberSharedSecret,Error }; -#[derive(Debug, Clone, Copy)] -pub enum Error { - RejectionSampling, -} - use self::{ constant_time_ops::{ compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, diff --git a/src/kem/kyber/types.rs b/src/kem/kyber/types.rs index c7ff702ad..6ce95376e 100644 --- a/src/kem/kyber/types.rs +++ b/src/kem/kyber/types.rs @@ -128,3 +128,9 @@ impl self.sk.as_slice() } } + +#[derive(Debug, Clone, Copy)] +pub enum Error { + RejectionSampling, +} + From f39af72ae56c6694e20c6267f894ed502befe089 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 26 Oct 2023 14:38:04 +0200 Subject: [PATCH 04/11] cargo fmt --- src/kem/kyber.rs | 2 +- src/kem/kyber/types.rs | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/kem/kyber.rs b/src/kem/kyber.rs index 04cb11c84..fe86b5729 100644 --- a/src/kem/kyber.rs +++ b/src/kem/kyber.rs @@ -24,7 +24,7 @@ pub mod kyber512; pub mod kyber768; pub use types::{ - KyberCiphertext, KyberKeyPair, KyberPrivateKey, KyberPublicKey, KyberSharedSecret,Error + Error, KyberCiphertext, KyberKeyPair, KyberPrivateKey, KyberPublicKey, KyberSharedSecret, }; use self::{ diff --git a/src/kem/kyber/types.rs b/src/kem/kyber/types.rs index 6ce95376e..b71317c2b 100644 
--- a/src/kem/kyber/types.rs +++ b/src/kem/kyber/types.rs @@ -133,4 +133,3 @@ impl pub enum Error { RejectionSampling, } - From aedea58de2ed6a94edff5554c591cbcc507fba02 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 26 Oct 2023 15:00:44 +0200 Subject: [PATCH 05/11] add typecheck command --- hax-driver.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/hax-driver.py b/hax-driver.py index a5d1a146d..03f015965 100755 --- a/hax-driver.py +++ b/hax-driver.py @@ -64,8 +64,21 @@ def shell(command, expect=0, cwd=None): default="", help="Space-separated list of modules to exclude from extraction. The module names must be fully qualified.", ) +typecheck_parser = parser.add_subparsers( + description="Typecheck libcrux", + dest="typecheck", + help="Run F* etc. to typecheck the extracted libcrux code.", +) +typecheck_parser = typecheck_parser.add_parser("typecheck") +typecheck_parser.add_argument( + "--lax", + action="store_true", + dest="lax", + help="Lax typecheck the code only", +) options = parser.parse_args() +print("subparser: ", options) filter_string = "" @@ -89,6 +102,9 @@ def shell(command, expect=0, cwd=None): else: filter_string += " {}".format(options.exclude_modules) +if options.typecheck: + shell(["make", "-C", "proofs/fstar/extraction/"]) + exit(0) if filter_string: shell( From 4971807bb2b2a4603c40c38972d5f85d38dc4cec Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 26 Oct 2023 16:09:22 +0200 Subject: [PATCH 06/11] digest stub --- proofs/fstar/extraction/Libcrux.Digest.fst | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 proofs/fstar/extraction/Libcrux.Digest.fst diff --git a/proofs/fstar/extraction/Libcrux.Digest.fst b/proofs/fstar/extraction/Libcrux.Digest.fst new file mode 100644 index 000000000..0cd21372e --- /dev/null +++ b/proofs/fstar/extraction/Libcrux.Digest.fst @@ -0,0 +1,6 @@ +module Libcrux.Digest + +open Rust_primitives + +type alg = | Algorithm_Sha3_256_ +let digest_size x = sz 32 
From 4d4829711094fde003f19c54677d4a5398f13fb5 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 26 Oct 2023 19:18:08 +0200 Subject: [PATCH 07/11] actually do lax --- hax-driver.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/hax-driver.py b/hax-driver.py index 03f015965..cc74f657f 100755 --- a/hax-driver.py +++ b/hax-driver.py @@ -6,7 +6,7 @@ import sys -def shell(command, expect=0, cwd=None): +def shell(command, expect=0, cwd=None, env={}): subprocess_stdout = subprocess.DEVNULL print("Command: ", end="") @@ -18,7 +18,10 @@ def shell(command, expect=0, cwd=None): print("\nDirectory: {}".format(cwd)) - ret = subprocess.run(command, cwd=cwd) + os_env = os.environ + os_env.update(env) + + ret = subprocess.run(command, cwd=cwd, env=os_env) if ret.returncode != expect: raise Exception("Error {}. Expected {}.".format(ret, expect)) @@ -78,7 +81,6 @@ def shell(command, expect=0, cwd=None): ) options = parser.parse_args() -print("subparser: ", options) filter_string = "" @@ -103,7 +105,10 @@ def shell(command, expect=0, cwd=None): filter_string += " {}".format(options.exclude_modules) if options.typecheck: - shell(["make", "-C", "proofs/fstar/extraction/"]) + custom_env = {} + if options.lax: + custom_env.update({"OTHERFLAGS": "--lax"}) + shell(["make", "-C", "proofs/fstar/extraction/"], custom_env) exit(0) if filter_string: From 0ea3540761441892510400026b8ededb6b80baf0 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 26 Oct 2023 20:04:46 +0200 Subject: [PATCH 08/11] more generic paths for f* --- libcrux.fst.config.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libcrux.fst.config.json b/libcrux.fst.config.json index e9354b92b..10fbcf156 100644 --- a/libcrux.fst.config.json +++ b/libcrux.fst.config.json 
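Review bot: `os_env = os.environ` followed by `os_env.update(env)` in the second hunk does not build a private copy: `os.environ` is the live process environment, so the update writes through to this process and to every later `shell` call, and an `OTHERFLAGS=--lax` set for one invocation silently persists for the rest of the run. A copy keeps the per-call semantics the new parameter suggests, `os_env = {**os.environ, **env}`; `env=None` with `env = env or {}` would also avoid the mutable default, though `env` itself is not mutated here. Whether `os` is imported is not visible in this hunk, which shows only `import sys` as context, and the body of `shell` continues outside it.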
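Review bot: `shell(["make", "-C", "proofs/fstar/extraction/"], custom_env)` in the last hunk passes the environment dict positionally, where it binds to `expect` rather than `env`: the custom environment is never forwarded to make, and `ret.returncode != expect` then compares an int with a dict, which is always true, so the call raises `Exception("Error ...")` after make finishes regardless of its outcome. The keyword form fixes both problems in one line, `shell(["make", "-C", "proofs/fstar/extraction/"], env=custom_env)`. The `if options.typecheck:` block is fully inside the hunk.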
@@ -6,14 +6,14 @@
 "-331",
 "--cache_checked_modules",
 "--cache_dir",
- "/Users/franziskus/repos/hax/proof-libs/fstar/.cache",
+ "../hax/proof-libs/fstar/.cache",
 "--already_cached",
 "+Prims+FStar+LowStar+C+Spec.Loops+TestLib"
 ],
 "include_dirs": [
- "/Users/franziskus/repos/hacl-star/lib",
- "/Users/franziskus/repos/hax/proof-libs/fstar/rust_primitives",
- "/Users/franziskus/repos/hax/proof-libs/fstar/core",
- "/Users/franziskus/repos/hax/proof-libs/fstar/hax_lib"
+ "../hacl-star/lib",
+ "../hax/proof-libs/fstar/rust_primitives",
+ "../hax/proof-libs/fstar/core",
+ "../hax/proof-libs/fstar/hax_lib"
 ]
 }
\ No newline at end of file
From 47cb9716a75af786794c002eb6c1a8388b56dbb0 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer
Date: Mon, 30 Oct 2023 11:37:09 +0100
Subject: [PATCH 09/11] update F* vs config file
---
 libcrux.fst.config.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libcrux.fst.config.json b/libcrux.fst.config.json
index 10fbcf156..4160a9a08 100644
--- a/libcrux.fst.config.json
+++ b/libcrux.fst.config.json
@@ -6,14 +6,14 @@
 "-331",
 "--cache_checked_modules",
 "--cache_dir",
- "../hax/proof-libs/fstar/.cache",
+ "${HAX_HOME}/proof-libs/fstar/.cache",
 "--already_cached",
 "+Prims+FStar+LowStar+C+Spec.Loops+TestLib"
 ],
 "include_dirs": [
- "../hacl-star/lib",
- "../hax/proof-libs/fstar/rust_primitives",
- "../hax/proof-libs/fstar/core",
- "../hax/proof-libs/fstar/hax_lib"
+ "${HACL_HOME}/lib",
+ "${HAX_HOME}/proof-libs/fstar/rust_primitives",
+ "${HAX_HOME}/proof-libs/fstar/core",
+ "${HAX_HOME}/proof-libs/fstar/hax_lib"
 ]
-}
\ No newline at end of file
+}
From feb6cc5e58bdaa05e7b73c14650b22c5863491ae Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer
Date: Mon, 30 Oct 2023 11:41:28 +0100
Subject: [PATCH 10/11] undo signature changes
---
 src/signature.rs | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/src/signature.rs b/src/signature.rs
index 3a16134f1..468c772a9 100644
--- a/src/signature.rs
+++ b/src/signature.rs
@@ -95,13 +95,6 @@ pub mod rsa_pss { pub(super) value: Vec, } - impl RsaPssSignature { - /// Get the signature as the raw byte slice. - pub fn as_bytes(&self) -> &[u8] { - &self.value - } - } - impl From<&[u8]> for RsaPssSignature { fn from(value: &[u8]) -> Self { Self { From 0209586ac22efe9cb87432832793c3eb5857620b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 30 Oct 2023 11:59:06 +0100 Subject: [PATCH 11/11] digest interface --- proofs/fstar/extraction/Libcrux.Digest.fst | 6 ---- proofs/fstar/extraction/Libcrux.Digest.fsti | 39 +++++++++++++++++++++ 2 files changed, 39 insertions(+), 6 deletions(-) delete mode 100644 proofs/fstar/extraction/Libcrux.Digest.fst create mode 100644 proofs/fstar/extraction/Libcrux.Digest.fsti diff --git a/proofs/fstar/extraction/Libcrux.Digest.fst b/proofs/fstar/extraction/Libcrux.Digest.fst deleted file mode 100644 index 0cd21372e..000000000 --- a/proofs/fstar/extraction/Libcrux.Digest.fst +++ /dev/null @@ -1,6 +0,0 @@ -module Libcrux.Digest - -open Rust_primitives - -type alg = | Algorithm_Sha3_256_ -let digest_size x = sz 32 diff --git a/proofs/fstar/extraction/Libcrux.Digest.fsti b/proofs/fstar/extraction/Libcrux.Digest.fsti new file mode 100644 index 000000000..2df30e7d8 --- /dev/null +++ b/proofs/fstar/extraction/Libcrux.Digest.fsti 
@@ -0,0 +1,39 @@
+module Libcrux.Digest
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+open Rust_primitives
+open Core
+
+type t_Algorithm =
+ | Algorithm_Sha1 : t_Algorithm
+ | Algorithm_Sha224 : t_Algorithm
+ | Algorithm_Sha256 : t_Algorithm
+ | Algorithm_Sha384 : t_Algorithm
+ | Algorithm_Sha512 : t_Algorithm
+ | Algorithm_Blake2s : t_Algorithm
+ | Algorithm_Blake2b : t_Algorithm
+ | Algorithm_Sha3_224_ : t_Algorithm
+ | Algorithm_Sha3_256_ : t_Algorithm
+ | Algorithm_Sha3_384_ : t_Algorithm
+ | Algorithm_Sha3_512_ : t_Algorithm
+
+let digest_size (mode: t_Algorithm) : usize =
+ match mode with
+ | Algorithm_Sha1 -> sz 20
+ | Algorithm_Sha224 -> sz 28
+ | Algorithm_Sha256 -> sz 32
+ | Algorithm_Sha384 -> sz 48
+ | Algorithm_Sha512 -> sz 64
+ | Algorithm_Blake2s -> sz 32
+ | Algorithm_Blake2b -> sz 64
+ | Algorithm_Sha3_224_ -> sz 28
+ | Algorithm_Sha3_256_ -> sz 32
+ | Algorithm_Sha3_384_ -> sz 48
+ | Algorithm_Sha3_512_ -> sz 64
+
+val sha3_256_ (payload: t_Slice u8) : t_Array u8 (sz 32)
+
+val sha3_512_ (payload: t_Slice u8) : t_Array u8 (sz 64)
+
+val shake128 (#v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN
+
+val shake256 (#v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN
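Review bot: The four `val` declarations at the end of the new interface (`sha3_256_`, `sha3_512_`, `shake128`, `shake256`) come with no implementation in this commit — the only `.fst` for the module is deleted in the same patch — so, as far as I can tell, F* will treat them as assumed: every proof over the Kyber modules that reaches `Libcrux.Digest` trusts these as total, unconstrained functions rather than verifying anything about them. That is presumably the intent for a stub, but the trust boundary should be explicit in the file rather than implied by the missing `.fst`, e.g. a header comment after the `open`s: `(* Interface-only stub: the vals below are assumed, not verified; they model the hash functions provided by the Rust bindings. *)`. A short comment on `digest_size` noting that its table must agree with whatever backs those `val`s would also help, since nothing here ties the two together.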